From 6a8c8815fe112059d7724f40687c377568b15ee3 Mon Sep 17 00:00:00 2001
From: Martin Willi
Date: Fri, 19 Jun 2009 17:27:57 +0200
Subject: [PATCH] check on-disk and loaded segment integrity of libstrongswan

---
 src/libstrongswan/integrity_checker.c | 26 +++++++++++++++++++++++++-
 src/libstrongswan/integrity_checker.h | 9 +++++++++
 src/libstrongswan/library.c | 3 +--
 3 files changed, 35 insertions(+), 3 deletions(-)

diff --git a/src/libstrongswan/integrity_checker.c b/src/libstrongswan/integrity_checker.c
index 813ae9e..3643c0a 100644
--- a/src/libstrongswan/integrity_checker.c
+++ b/src/libstrongswan/integrity_checker.c
@@ -137,7 +137,7 @@ static u_int32_t build_segment(private_integrity_checker_t *this, void *sym)
 
 	if (dladdr(sym, &dli) == 0)
 	{
-		DBG1("unable to locate symbol: %s", strerror(errno));
+		DBG1("unable to locate symbol: %s", dlerror());
 		return 0;
 	}
 	/* we reuse the Dl_info struct as in/out parameter */
@@ -221,6 +221,29 @@ static bool check_segment(private_integrity_checker_t *this,
 }
 
 /**
+ * Implementation of integrity_checker_t.check
+ */
+static bool check(private_integrity_checker_t *this, char *name, void *sym)
+{
+	Dl_info dli;
+
+	if (dladdr(sym, &dli) == 0)
+	{
+		DBG1("unable to locate symbol: %s", dlerror());
+		return FALSE;
+	}
+	if (!check_file(this, name, (char*)dli.dli_fname))
+	{
+		return FALSE;
+	}
+	if (!check_segment(this, name, sym))
+	{
+		return FALSE;
+	}
+	return TRUE;
+}
+
+/**
  * Implementation of integrity_checker_t.destroy.
  */
 static void destroy(private_integrity_checker_t *this)
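Review bot: dlerror() can return NULL, and the replaced DBG1 line hands its result straight to a `%s` conversion, which is undefined behaviour in printf-style formatting; the glibc man page for dladdr() documents that no dlerror() message is available when the address cannot be matched to a loaded object, so NULL is the expected value on exactly this path. The new check() in the following hunk repeats the same pattern. Guard the value before logging, e.g. `const char *err = dlerror();` followed by `DBG1("unable to locate symbol: %s", err ? err : "address not in any loaded object");`. build_segment's body starts and ends outside this hunk.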
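Review bot: The cast `(char*)dli.dli_fname` in the new check() strips the const qualifier that Dl_info declares for dli_fname, a string owned by the dynamic loader; check_file() (outside this hunk) should take `const char *file` so the cast can be dropped and an accidental write through the pointer is caught at compile time. The on-disk check also relies on the path the loader recorded at load time, which may be relative to the working directory of that moment — presumably check_file() opens it as-is, so a short comment such as `/* dli_fname is the loader-reported path; resolved relative to the cwd at open time */` above the check_file() call would make that dependency visible. Confirm against check_file() before wording it.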
@@ -243,6 +266,7 @@ integrity_checker_t *integrity_checker_create(char *checksum_library)
 	this->public.build_file = (u_int32_t(*)(integrity_checker_t*, char *file))build_file;
 	this->public.check_segment = (bool(*)(integrity_checker_t*, char *name, void *sym))check_segment;
 	this->public.build_segment = (u_int32_t(*)(integrity_checker_t*, void *sym))build_segment;
+	this->public.check = (bool(*)(integrity_checker_t*, char *name, void *sym))check;
 	this->public.destroy = (void(*)(integrity_checker_t*))destroy;
 
 	this->checksum_count = 0;
diff --git a/src/libstrongswan/integrity_checker.h b/src/libstrongswan/integrity_checker.h
index ec4961e..d10de5b 100644
--- a/src/libstrongswan/integrity_checker.h
+++ b/src/libstrongswan/integrity_checker.h
@@ -82,6 +82,15 @@ struct integrity_checker_t {
 	u_int32_t (*build_segment)(integrity_checker_t *this, void *sym);
 
 	/**
+	 * Check both, on disk file integrity and loaded segment.
+	 *
+	 * @param name			name to lookup checksum
+	 * @param sym			a symbol to look up library and segment
+	 * @return				TRUE if integrity tested successfully
+	 */
+	bool (*check)(integrity_checker_t *this, char *name, void *sym);
+
+	/**
 	 * Destroy a integrity_checker_t.
 	 */
 	void (*destroy)(integrity_checker_t *this);
diff --git a/src/libstrongswan/library.c b/src/libstrongswan/library.c
index 217dbc0..0116b8e 100644
--- a/src/libstrongswan/library.c
+++ b/src/libstrongswan/library.c
@@ -132,8 +132,7 @@ bool library_init(char *settings)
 						   "libstrongswan.integrity_test", FALSE))
 	{
 		this->public.integrity = integrity_checker_create(CHECKSUM_LIBRARY);
-		if (!lib->integrity->check_segment(lib->integrity,
-										   "libstrongswan", library_init))
+		if (!lib->integrity->check(lib->integrity, "libstrongswan", library_init))
 		{
 			DBG1("integrity check of libstrongswan failed");
 			return FALSE;
-- 
2.7.4
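Review bot: The new doc comment on `check` understates what the implementation does: check() also returns FALSE when `sym` cannot be resolved to a loaded object, and `name` is the key used to look up the stored checksum rather than a file path. Reword the description to `Check both the on-disk file and the loaded segment of the library containing sym.` and the return line to `TRUE if both checks passed, FALSE on any failure (including an unresolvable sym)`. The `@param name` line would read better as `name under which the expected checksum was stored`.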
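Review bot: The result of integrity_checker_create() is dereferenced on the new `lib->integrity->check(...)` line without a NULL check; its body is not in this patch beyond the method-pointer assignments in the earlier hunk, so if the constructor can fail, a failed allocation turns a would-be FALSE into a crash in the code that is supposed to fail closed. The new line also reads the checker back through the global `lib` while the assignment one line above went through `this->public.integrity`; using `this->public.integrity` on both lines removes the reliance on `lib` already aliasing `this->public` at this point, which is assumed from context and worth confirming. library_init's body continues outside the hunk.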