Check rng return value when encrypting encryption payload
authorTobias Brunner <tobias@strongswan.org>
Mon, 25 Jun 2012 13:54:57 +0000 (15:54 +0200)
committerMartin Willi <martin@revosec.ch>
Mon, 16 Jul 2012 12:53:35 +0000 (14:53 +0200)
src/libcharon/encoding/payloads/encryption_payload.c

index 842e516..c40bd2a 100644 (file)
@@ -356,8 +356,14 @@ METHOD(encryption_payload_t, encrypt, bool,
        crypt = chunk_create(plain.ptr, plain.len + padding.len);
        generator->destroy(generator);
 
-       rng->get_bytes(rng, iv.len, iv.ptr);
-       rng->get_bytes(rng, padding.len - 1, padding.ptr);
+       if (!rng->get_bytes(rng, iv.len, iv.ptr) ||
+               !rng->get_bytes(rng, padding.len - 1, padding.ptr))
+       {
+               DBG1(DBG_ENC, "encrypting encryption payload failed, no IV or padding");
+               rng->destroy(rng);
+               free(assoc.ptr);
+               return FALSE;
+       }
        padding.ptr[padding.len - 1] = padding.len - 1;
        rng->destroy(rng);