Check rng return value when generating COOKIE2 during MOBIKE
authorTobias Brunner <tobias@strongswan.org>
Fri, 6 Jul 2012 08:54:06 +0000 (10:54 +0200)
committerMartin Willi <martin@revosec.ch>
Mon, 16 Jul 2012 12:53:35 +0000 (14:53 +0200)
src/libcharon/sa/ikev2/tasks/ike_mobike.c

index 8295bea..90c3866 100644 (file)
@@ -227,18 +227,20 @@ static void build_address_list(private_ike_mobike_t *this, message_t *message)
 /**
  * build a cookie and add it to the message
  */
-static void build_cookie(private_ike_mobike_t *this, message_t *message)
+static bool build_cookie(private_ike_mobike_t *this, message_t *message)
 {
        rng_t *rng;
 
        chunk_free(&this->cookie2);
        rng = lib->crypto->create_rng(lib->crypto, RNG_STRONG);
-       if (rng)
+       if (!rng || !rng->allocate_bytes(rng, COOKIE2_SIZE, &this->cookie2))
        {
-               rng->allocate_bytes(rng, COOKIE2_SIZE, &this->cookie2);
-               rng->destroy(rng);
-               message->add_notify(message, FALSE, COOKIE2, this->cookie2);
+               DESTROY_IF(rng);
+               return FALSE;
        }
+       message->add_notify(message, FALSE, COOKIE2, this->cookie2);
+       rng->destroy(rng);
+       return TRUE;
 }
 
 /**
@@ -358,7 +360,10 @@ METHOD(task_t, build_i, status_t,
                {
                        message->add_notify(message, FALSE, UPDATE_SA_ADDRESSES,
                                                                chunk_empty);
-                       build_cookie(this, message);
+                       if (!build_cookie(this, message))
+                       {
+                               return FAILED;
+                       }
                        update_children(this);
                }
                if (this->address && !this->check)