Check rng return value when generating ME CONNECT_ID and KEY

diff --git a/src/libcharon/sa/ikev2/tasks/ike_me.c b/src/libcharon/sa/ikev2/tasks/ike_me.c
index 333c136..e193499 100644 (file)
--- a/src/libcharon/sa/ikev2/tasks/ike_me.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_me.c
@@ -291,9 +291,21 @@ METHOD(task_t, build_i, status_t,
                        {
                                /* only the initiator creates a connect ID. the responder
                                 * returns the connect ID that it received from the initiator */
-                               rng->allocate_bytes(rng, ME_CONNECTID_LEN, &this->connect_id);
+                               if (!rng->allocate_bytes(rng, ME_CONNECTID_LEN,
+                                                                                &this->connect_id))
+                               {
+                                       DBG1(DBG_IKE, "unable to generate ID for ME_CONNECT");
+                                       rng->destroy(rng);
+                                       return FAILED;
+                               }
+                       }
+                       if (!rng->allocate_bytes(rng, ME_CONNECTKEY_LEN,
+                                                                        &this->connect_key))
+                       {
+                               DBG1(DBG_IKE, "unable to generate connect key for ME_CONNECT");
+                               rng->destroy(rng);
+                               return FAILED;
                        }
-                       rng->allocate_bytes(rng, ME_CONNECTKEY_LEN, &this->connect_key);
                        rng->destroy(rng);
 
                        message->add_notify(message, FALSE, ME_CONNECTID, this->connect_id);