Check rng return value when generating libfast session COOKIEs
authorMartin Willi <martin@revosec.ch>
Fri, 6 Jul 2012 12:17:01 +0000 (14:17 +0200)
committerMartin Willi <martin@revosec.ch>
Mon, 16 Jul 2012 12:53:37 +0000 (14:53 +0200)
src/libfast/dispatcher.c
src/libfast/session.c
src/libfast/session.h

index e5fca70..63c872e 100644 (file)
@@ -179,10 +179,16 @@ static session_entry_t *session_entry_create(private_dispatcher_t *this,
                                                                                         char *host)
 {
        session_entry_t *entry;
+       session_t *session;
 
+       session = load_session(this);
+       if (!session)
+       {
+               return NULL;
+       }
        INIT(entry,
                .cond = condvar_create(CONDVAR_TYPE_DEFAULT),
-               .session = load_session(this),
+               .session = session,
                .host = strdup(host),
                .used = time_monotonic(NULL),
        );
@@ -324,6 +330,12 @@ static void dispatch(private_dispatcher_t *this)
                else
                {       /* create a new session if not found */
                        found = session_entry_create(this, request->get_host(request));
+                       if (!found)
+                       {
+                               request->destroy(request);
+                               this->mutex->unlock(this->mutex);
+                               continue;
+                       }
                        sid = found->session->get_sid(found->session);
                        this->sessions->put(this->sessions, sid, found);
                }
index 1d9ed01..99f2dcb 100644 (file)
@@ -78,20 +78,24 @@ METHOD(session_t, add_filter, void,
 /**
  * Create a session ID and a cookie
  */
-static void create_sid(private_session_t *this)
+static bool create_sid(private_session_t *this)
 {
        char buf[COOKIE_LEN];
        rng_t *rng;
 
-       memset(buf, 0, sizeof(buf));
-       memset(this->sid, 0, sizeof(this->sid));
        rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
        if (rng)
        {
-               rng->get_bytes(rng, sizeof(buf), buf);
+               return FALSE;
+       }
+       if (!rng->get_bytes(rng, sizeof(buf), buf))
+       {
                rng->destroy(rng);
+               return FALSE;
        }
+       rng->destroy(rng);
        chunk_to_hex(chunk_create(buf, sizeof(buf)), this->sid, FALSE);
+       return TRUE;
 }
 
 /**
@@ -212,7 +216,11 @@ session_t *session_create(context_t *context)
                .filters = linked_list_create(),
                .context = context,
        );
-       create_sid(this);
+       if (!create_sid(this))
+       {
+               destroy(this);
+               return NULL;
+       }
 
        return &this->public;
 }
index f60fa9e..acbab89 100644 (file)
@@ -70,6 +70,7 @@ struct session_t {
  * Create a session new session.
  *
  * @param context              user defined session context instance
+ * @return                             client session, NULL on error
  */
 session_t *session_create(context_t *context);