struct nlmsghdr *hdr;
struct xfrm_usersa_info *sa;
u_int16_t icv_size = 64;
+ status_t status = FAILED;
/* if IPComp is used, we install an additional IPComp SA. if the cpi is 0
* we are in the recursive call below */
{
DBG1(DBG_KNL, "algorithm %N not supported by kernel!",
encryption_algorithm_names, enc_alg);
- return FAILED;
+ goto failed;
}
DBG2(DBG_KNL, " using encryption algorithm %N with key size %d",
encryption_algorithm_names, enc_alg, enc_key.len * 8);
hdr->nlmsg_len += RTA_ALIGN(rthdr->rta_len);
if (hdr->nlmsg_len > sizeof(request))
{
- return FAILED;
+ goto failed;
}
algo = (struct xfrm_algo_aead*)RTA_DATA(rthdr);
{
DBG1(DBG_KNL, "algorithm %N not supported by kernel!",
encryption_algorithm_names, enc_alg);
- return FAILED;
+ goto failed;
}
DBG2(DBG_KNL, " using encryption algorithm %N with key size %d",
encryption_algorithm_names, enc_alg, enc_key.len * 8);
hdr->nlmsg_len += RTA_ALIGN(rthdr->rta_len);
if (hdr->nlmsg_len > sizeof(request))
{
- return FAILED;
+ goto failed;
}
algo = (struct xfrm_algo*)RTA_DATA(rthdr);
{
DBG1(DBG_KNL, "algorithm %N not supported by kernel!",
integrity_algorithm_names, int_alg);
- return FAILED;
+ goto failed;
}
DBG2(DBG_KNL, " using integrity algorithm %N with key size %d",
integrity_algorithm_names, int_alg, int_key.len * 8);
hdr->nlmsg_len += RTA_ALIGN(rthdr->rta_len);
if (hdr->nlmsg_len > sizeof(request))
{
- return FAILED;
+ goto failed;
}
algo = (struct xfrm_algo_auth*)RTA_DATA(rthdr);
hdr->nlmsg_len += RTA_ALIGN(rthdr->rta_len);
if (hdr->nlmsg_len > sizeof(request))
{
- return FAILED;
+ goto failed;
}
algo = (struct xfrm_algo*)RTA_DATA(rthdr);
{
DBG1(DBG_KNL, "algorithm %N not supported by kernel!",
ipcomp_transform_names, ipcomp);
- return FAILED;
+ goto failed;
}
DBG2(DBG_KNL, " using compression algorithm %N",
ipcomp_transform_names, ipcomp);
hdr->nlmsg_len += RTA_ALIGN(rthdr->rta_len);
if (hdr->nlmsg_len > sizeof(request))
{
- return FAILED;
+ goto failed;
}
struct xfrm_algo* algo = (struct xfrm_algo*)RTA_DATA(rthdr);
hdr->nlmsg_len += RTA_ALIGN(rthdr->rta_len);
if (hdr->nlmsg_len > sizeof(request))
{
- return FAILED;
+ goto failed;
}
tmpl = (struct xfrm_encap_tmpl*)RTA_DATA(rthdr);
hdr->nlmsg_len += RTA_ALIGN(rthdr->rta_len);
if (hdr->nlmsg_len > sizeof(request))
{
- return FAILED;
+ goto failed;
}
mrk = (struct xfrm_mark*)RTA_DATA(rthdr);
hdr->nlmsg_len += RTA_ALIGN(rthdr->rta_len);
if (hdr->nlmsg_len > sizeof(request))
{
- return FAILED;
+ goto failed;
}
tfcpad = (u_int32_t*)RTA_DATA(rthdr);
hdr->nlmsg_len += RTA_ALIGN(rthdr->rta_len);
if (hdr->nlmsg_len > sizeof(request))
{
- return FAILED;
+ goto failed;
}
replay = (struct xfrm_replay_state_esn*)RTA_DATA(rthdr);
{
DBG1(DBG_KNL, "unable to add SAD entry with SPI %.8x", ntohl(spi));
}
- return FAILED;
+ goto failed;
}
- return SUCCESS;
+
+ status = SUCCESS;
+
+failed:
+ memwipe(request, sizeof(request));
+ return status;
}
/**
struct nlmsghdr *out = NULL, *hdr;
struct xfrm_usersa_id *sa_id;
struct xfrm_usersa_info *sa = NULL;
+ status_t status = FAILED;
size_t len;
memset(&request, 0, sizeof(request));
if (sa == NULL)
{
DBG2(DBG_KNL, "unable to query SAD entry with SPI %.8x", ntohl(spi));
- free(out);
- return FAILED;
}
- *bytes = sa->curlft.bytes;
-
+ else
+ {
+ *bytes = sa->curlft.bytes;
+ status = SUCCESS;
+ }
+ memwipe(out, len);
free(out);
return SUCCESS;
}
failed:
free(replay);
free(replay_esn);
+ memwipe(out, len);
free(out);
return status;
projects / strongswan.git / commitdiff