Check rng return value when generating ME CONNECT_ID and KEY
authorTobias Brunner <tobias@strongswan.org>
Mon, 25 Jun 2012 14:01:51 +0000 (16:01 +0200)
committerMartin Willi <martin@revosec.ch>
Mon, 16 Jul 2012 12:53:35 +0000 (14:53 +0200)
src/libcharon/sa/ikev2/tasks/ike_me.c

index 333c136..e193499 100644 (file)
@@ -291,9 +291,21 @@ METHOD(task_t, build_i, status_t,
                        {
                                /* only the initiator creates a connect ID. the responder
                                 * returns the connect ID that it received from the initiator */
-                               rng->allocate_bytes(rng, ME_CONNECTID_LEN, &this->connect_id);
+                               if (!rng->allocate_bytes(rng, ME_CONNECTID_LEN,
+                                                                                &this->connect_id))
+                               {
+                                       DBG1(DBG_IKE, "unable to generate ID for ME_CONNECT");
+                                       rng->destroy(rng);
+                                       return FAILED;
+                               }
+                       }
+                       if (!rng->allocate_bytes(rng, ME_CONNECTKEY_LEN,
+                                                                        &this->connect_key))
+                       {
+                               DBG1(DBG_IKE, "unable to generate connect key for ME_CONNECT");
+                               rng->destroy(rng);
+                               return FAILED;
                        }
-                       rng->allocate_bytes(rng, ME_CONNECTKEY_LEN, &this->connect_key);
                        rng->destroy(rng);
 
                        message->add_notify(message, FALSE, ME_CONNECTID, this->connect_id);