library: Return FALSE from library_init() if loaded settings are invalid
authorTobias Brunner <tobias@strongswan.org>
Tue, 11 Sep 2018 15:56:38 +0000 (17:56 +0200)
committerTobias Brunner <tobias@strongswan.org>
Tue, 11 Sep 2018 16:30:18 +0000 (18:30 +0200)
This way daemons won't start with config files that contain errors.

src/libstrongswan/library.c
src/libstrongswan/library.h

index 86b275d..ad5d9ab 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2009-2016 Tobias Brunner
+ * Copyright (C) 2009-2018 Tobias Brunner
  * Copyright (C) 2008 Martin Willi
  * HSR Hochschule fuer Technik Rapperswil
  *
@@ -54,7 +54,7 @@ struct private_library_t {
        /**
         * Integrity check failed?
         */
-       bool integrity_failed;
+       bool init_failed;
 
 #ifdef LEAK_DETECTIVE
        /**
@@ -306,7 +306,7 @@ bool library_init(char *settings, const char *namespace)
        {       /* already initialized, increase refcount */
                this = (private_library_t*)lib;
                ref_get(&this->ref);
-               return !this->integrity_failed;
+               return !this->init_failed;
        }
 
        chunk_hash_seed();
@@ -376,7 +376,14 @@ bool library_init(char *settings, const char *namespace)
        this->objects = hashtable_create((hashtable_hash_t)hash,
                                                                         (hashtable_equals_t)equals, 4);
 
-       this->public.settings = settings_create(this->public.conf);
+       this->public.settings = settings_create(NULL);
+       if (!this->public.settings->load_files(this->public.settings,
+                                                                                  this->public.conf, FALSE))
+       {
+               DBG1(DBG_LIB, "abort initialization due to invalid configuration");
+               this->init_failed = TRUE;
+       }
+
        /* add registered aliases */
        for (i = 0; i < ns_count; ++i)
        {
@@ -416,15 +423,15 @@ bool library_init(char *settings, const char *namespace)
                if (!lib->integrity->check(lib->integrity, "libstrongswan", library_init))
                {
                        DBG1(DBG_LIB, "integrity check of libstrongswan failed");
-                       this->integrity_failed = TRUE;
+                       this->init_failed = TRUE;
                }
 #else /* !INTEGRITY_TEST */
                DBG1(DBG_LIB, "integrity test enabled, but not supported");
-               this->integrity_failed = TRUE;
+               this->init_failed = TRUE;
 #endif /* INTEGRITY_TEST */
        }
 
        diffie_hellman_init();
 
-       return !this->integrity_failed;
+       return !this->init_failed;
 }
index 53f371c..6409d3c 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2010-2016 Tobias Brunner
+ * Copyright (C) 2010-2018 Tobias Brunner
  * Copyright (C) 2008 Martin Willi
  * HSR Hochschule fuer Technik Rapperswil
  *
@@ -258,11 +258,12 @@ struct library_t {
  *
  * The settings and namespace arguments are only used on the first call.
  *
- * @param settings             file to read settings from, may be NULL for default
+ * @param settings             file to read settings from, may be NULL for default or
+ *                                             "" to not load any settings
  * @param namespace            name of the binary that uses the library, determines
  *                                             the first section name when reading config options.
  *                                             Defaults to libstrongswan if NULL.
- * @return                             FALSE if integrity check failed
+ * @return                             FALSE if integrity check failed or settings are invalid
  */
 bool library_init(char *settings, const char *namespace);