Check rng return value when generating COOKIE2 during MOBIKE
[strongswan.git] / src / libcharon / sa / ikev2 / tasks / ike_mobike.c
index c533506..90c3866 100644 (file)
@@ -1,4 +1,5 @@
 /*
+ * Copyright (C) 2010-2012 Tobias Brunner
  * Copyright (C) 2007 Martin Willi
  * Hochschule fuer Technik Rapperswil
  *
@@ -134,13 +135,17 @@ static void process_payloads(private_ike_mobike_t *this, message_t *message)
                        {
                                if (first)
                                {       /* an ADDITIONAL_*_ADDRESS means replace, so flush once */
-                                       this->ike_sa->remove_additional_addresses(this->ike_sa);
+                                       this->ike_sa->clear_peer_addresses(this->ike_sa);
                                        first = FALSE;
+                                       /* add the peer's current address to the list */
+                                       host = message->get_source(message);
+                                       this->ike_sa->add_peer_address(this->ike_sa,
+                                                                                                  host->clone(host));
                                }
                                data = notify->get_notification_data(notify);
                                host = host_create_from_chunk(family, data, 0);
                                DBG2(DBG_IKE, "got additional MOBIKE peer address: %H", host);
-                               this->ike_sa->add_additional_address(this->ike_sa, host);
+                               this->ike_sa->add_peer_address(this->ike_sa, host);
                                this->addresses_updated = TRUE;
                                break;
                        }
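Review bot: The result of `host_create_from_chunk(family, data, 0)` is passed to `add_peer_address()` without a NULL check, and `data` comes straight from the peer's notify payload. host_create_from_chunk is not visible here, but if it returns NULL when the chunk length does not match `family`, a malformed ADDITIONAL_*_ADDRESS notify would put a NULL entry into the list that transmit() later enumerates. Consider guarding the call, `if (host) { this->ike_sa->add_peer_address(this->ike_sa, host); this->addresses_updated = TRUE; }`, and logging the rejected notify in the other case. The switch and the rest of process_payloads continue outside the hunk.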
@@ -151,7 +156,10 @@ static void process_payloads(private_ike_mobike_t *this, message_t *message)
                        }
                        case NO_ADDITIONAL_ADDRESSES:
                        {
-                               this->ike_sa->remove_additional_addresses(this->ike_sa);
+                               this->ike_sa->clear_peer_addresses(this->ike_sa);
+                               /* add the peer's current address to the list */
+                               host = message->get_source(message);
+                               this->ike_sa->add_peer_address(this->ike_sa, host->clone(host));
                                this->addresses_updated = TRUE;
                                break;
                        }
@@ -219,18 +227,20 @@ static void build_address_list(private_ike_mobike_t *this, message_t *message)
 /**
  * build a cookie and add it to the message
  */
-static void build_cookie(private_ike_mobike_t *this, message_t *message)
+static bool build_cookie(private_ike_mobike_t *this, message_t *message)
 {
        rng_t *rng;
 
        chunk_free(&this->cookie2);
        rng = lib->crypto->create_rng(lib->crypto, RNG_STRONG);
-       if (rng)
+       if (!rng || !rng->allocate_bytes(rng, COOKIE2_SIZE, &this->cookie2))
        {
-               rng->allocate_bytes(rng, COOKIE2_SIZE, &this->cookie2);
-               rng->destroy(rng);
-               message->add_notify(message, FALSE, COOKIE2, this->cookie2);
+               DESTROY_IF(rng);
+               return FALSE;
        }
+       message->add_notify(message, FALSE, COOKIE2, this->cookie2);
+       rng->destroy(rng);
+       return TRUE;
 }
 
 /**
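Review bot: build_cookie() now fails closed, but silently: neither the `!rng` case nor the `allocate_bytes` failure is logged, and build_i only returns FAILED. An operator therefore cannot tell a missing RNG_STRONG backend from any other task failure. Add a line before `return FALSE;`, for example `DBG1(DBG_IKE, "unable to generate COOKIE2, no RNG or RNG failed");`. The header comment should also document the new return value, e.g. `@return TRUE if COOKIE2 was generated and added, FALSE if no strong RNG is available or it failed`. Any other callers of build_cookie() outside the visible hunks need the same check that build_i gets.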
@@ -291,18 +301,7 @@ METHOD(ike_mobike_t, transmit, void,
        other_old = this->ike_sa->get_other_host(this->ike_sa);
        ike_cfg = this->ike_sa->get_ike_cfg(this->ike_sa);
 
-       me = hydra->kernel_interface->get_source_addr(
-                                                                       hydra->kernel_interface, other_old, NULL);
-       if (me)
-       {
-               apply_port(me, me_old, ike_cfg->get_my_port(ike_cfg));
-               DBG1(DBG_IKE, "checking original path %#H - %#H", me, other_old);
-               copy = packet->clone(packet);
-               copy->set_source(copy, me);
-               charon->sender->send(charon->sender, copy);
-       }
-
-       enumerator = this->ike_sa->create_additional_address_enumerator(this->ike_sa);
+       enumerator = this->ike_sa->create_peer_address_enumerator(this->ike_sa);
        while (enumerator->enumerate(enumerator, (void**)&other))
        {
                me = hydra->kernel_interface->get_source_addr(
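Review bot: With the explicit "checking original path" probe removed, transmit() only probes the addresses that `create_peer_address_enumerator` yields, so the peer's current address is checked only if it is in that list. Both process_payloads branches re-add `message->get_source(message)` after `clear_peer_addresses`, but how the list is seeded before any address notify arrives is not visible here. If the list can be empty, no probe is sent at all. State the invariant in a comment above the loop, e.g. `/* the peer address list always contains the peer's current address, so the original path is covered by this loop */`. The loop body continues outside the hunk.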
@@ -361,7 +360,10 @@ METHOD(task_t, build_i, status_t,
                {
                        message->add_notify(message, FALSE, UPDATE_SA_ADDRESSES,
                                                                chunk_empty);
-                       build_cookie(this, message);
+                       if (!build_cookie(this, message))
+                       {
+                               return FAILED;
+                       }
                        update_children(this);
                }
                if (this->address && !this->check)