Check rng return value when generating SPIs in kernel-klips plugin
authorTobias Brunner <tobias@strongswan.org>
Mon, 25 Jun 2012 14:02:13 +0000 (16:02 +0200)
committerMartin Willi <martin@revosec.ch>
Mon, 16 Jul 2012 12:53:36 +0000 (14:53 +0200)
src/libhydra/plugins/kernel_klips/kernel_klips_ipsec.c

index b8d44d6..7e58cf3 100644 (file)
@@ -1520,12 +1520,12 @@ METHOD(kernel_ipsec_t, get_spi, status_t,
        u_int32_t spi_gen;
 
        rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
-       if (!rng)
+       if (!rng || !rng->get_bytes(rng, sizeof(spi_gen), (void*)&spi_gen))
        {
-               DBG1(DBG_KNL, "allocating SPI failed: no RNG");
+               DBG1(DBG_KNL, "allocating SPI failed");
+               DESTROY_IF(rng);
                return FAILED;
        }
-       rng->get_bytes(rng, sizeof(spi_gen), (void*)&spi_gen);
        rng->destroy(rng);
 
        /* allocated SPIs lie within the range from 0xc0000000 to 0xcFFFFFFF */