Check rng return value when generating IKEv1 message IDs

diff --git a/src/libcharon/sa/ikev1/task_manager_v1.c b/src/libcharon/sa/ikev1/task_manager_v1.c
index 11d5799913014636b10803859552251483a17203..0e88c9e0f3dac32893308aecdc879aa8efde061c 100644 (file)
--- a/src/libcharon/sa/ikev1/task_manager_v1.c
+++ b/src/libcharon/sa/ikev1/task_manager_v1.c
@@ -501,12 +501,17 @@ METHOD(task_manager_t, initiate, status_t,
        me = this->ike_sa->get_my_host(this->ike_sa);
        other = this->ike_sa->get_other_host(this->ike_sa);
 
-       message = message_create(IKEV1_MAJOR_VERSION, IKEV1_MINOR_VERSION);
        if (new_mid)
        {
-               this->rng->get_bytes(this->rng, sizeof(this->initiating.mid),
-                                                        (void*)&this->initiating.mid);
+               if (!this->rng->get_bytes(this->rng, sizeof(this->initiating.mid),
+                                                                (void*)&this->initiating.mid))
+               {
+                       DBG1(DBG_IKE, "failed to allocate message ID, destroying IKE_SA");
+                       flush(this);
+                       return DESTROY_ME;
+               }
        }
+       message = message_create(IKEV1_MAJOR_VERSION, IKEV1_MINOR_VERSION);
        message->set_message_id(message, this->initiating.mid);
        message->set_source(message, me->clone(me));
        message->set_destination(message, other->clone(other));
@@ -721,11 +726,14 @@ static void send_notify(private_task_manager_t *this, message_t *request,
                DBG1(DBG_IKE, "ignore malformed INFORMATIONAL request");
                return;
        }
-
+       if (!this->rng->get_bytes(this->rng, sizeof(mid), (void*)&mid))
+       {
+               DBG1(DBG_IKE, "failed to allocate message ID");
+               return;
+       }
        response = message_create(IKEV1_MAJOR_VERSION, IKEV1_MINOR_VERSION);
        response->set_exchange_type(response, INFORMATIONAL_V1);
        response->set_request(response, TRUE);
-       this->rng->get_bytes(this->rng, sizeof(mid), (void*)&mid);
        response->set_message_id(response, mid);
        response->add_payload(response, (payload_t*)
                                notify_payload_create_from_protocol_and_type(NOTIFY_V1,
@@ -1678,9 +1686,13 @@ task_manager_v1_t *task_manager_v1_create(ike_sa_t *ike_sa)
                destroy(this);
                return NULL;
        }
-
-       this->rng->get_bytes(this->rng, sizeof(this->dpd_send),
-                                                (void*)&this->dpd_send);
+       if (!this->rng->get_bytes(this->rng, sizeof(this->dpd_send),
+                                                         (void*)&this->dpd_send))
+       {
+               DBG1(DBG_IKE, "failed to allocate message ID, unable to create IKE_SA");
+               destroy(this);
+               return NULL;
+       }
        this->dpd_send &= 0x7FFFFFFF;
 
        return &this->public;