Check rng return value when generating fake NAT detection payloads
authorTobias Brunner <tobias@strongswan.org>
Mon, 25 Jun 2012 14:00:48 +0000 (16:00 +0200)
committerMartin Willi <martin@revosec.ch>
Mon, 16 Jul 2012 12:53:35 +0000 (14:53 +0200)
src/libcharon/sa/ikev1/tasks/isakmp_natd.c
src/libcharon/sa/ikev2/tasks/ike_natd.c

index 4491017..cd3bc21 100644 (file)
@@ -123,12 +123,13 @@ static chunk_t generate_natd_hash_faked(private_isakmp_natd_t *this)
                return chunk_empty;
        }
        rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
-       if (!rng)
+       if (!rng ||
+               !rng->allocate_bytes(rng, hasher->get_hash_size(hasher), &chunk))
        {
                DBG1(DBG_IKE, "unable to get random bytes for NAT-D fake");
+               DESTROY_IF(rng);
                return chunk_empty;
        }
-       rng->allocate_bytes(rng, hasher->get_hash_size(hasher), &chunk);
        rng->destroy(rng);
        return chunk;
 }
index 44a2be1..55c0286 100644 (file)
@@ -121,12 +121,12 @@ static chunk_t generate_natd_hash_faked(private_ike_natd_t *this)
        chunk_t chunk;
 
        rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
-       if (!rng)
+       if (!rng || !rng->allocate_bytes(rng, HASH_SIZE_SHA1, &chunk))
        {
                DBG1(DBG_IKE, "unable to get random bytes for NATD fake");
+               DESTROY_IF(rng);
                return chunk_empty;
        }
-       rng->allocate_bytes(rng, HASH_SIZE_SHA1, &chunk);
        rng->destroy(rng);
        return chunk;
 }