From 1bb9c51e87b07a19ff97c72d3acb64c4f05f5573 Mon Sep 17 00:00:00 2001
From: Tobias Brunner
Date: Mon, 25 Jun 2012 15:59:48 +0200
Subject: [PATCH] Check rng return value when generating IKEv1 message IDs
---
 src/libcharon/sa/ikev1/task_manager_v1.c | 28 +++++++++++++++++-------
 1 file changed, 20 insertions(+), 8 deletions(-)
diff --git a/src/libcharon/sa/ikev1/task_manager_v1.c b/src/libcharon/sa/ikev1/task_manager_v1.c
index 11d5799913..0e88c9e0f3 100644
--- a/src/libcharon/sa/ikev1/task_manager_v1.c
+++ b/src/libcharon/sa/ikev1/task_manager_v1.c
@@ -501,12 +501,17 @@ METHOD(task_manager_t, initiate, status_t,
 me = this->ike_sa->get_my_host(this->ike_sa);
 other = this->ike_sa->get_other_host(this->ike_sa);
- message = message_create(IKEV1_MAJOR_VERSION, IKEV1_MINOR_VERSION);
 if (new_mid)
 {
- this->rng->get_bytes(this->rng, sizeof(this->initiating.mid),
- (void*)&this->initiating.mid);
+ if (!this->rng->get_bytes(this->rng, sizeof(this->initiating.mid),
+ (void*)&this->initiating.mid))
+ {
+ DBG1(DBG_IKE, "failed to allocate message ID, destroying IKE_SA");
+ flush(this);
+ return DESTROY_ME;
+ }
 }
+ message = message_create(IKEV1_MAJOR_VERSION, IKEV1_MINOR_VERSION);
 message->set_message_id(message, this->initiating.mid);
 message->set_source(message, me->clone(me));
 message->set_destination(message, other->clone(other));
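Review bot: The freshly drawn `this->initiating.mid` is used as-is, so a value of zero is accepted even though IKEv1 reserves message ID 0 for Phase 1; the same holds for `mid` in the send_notify hunk. `new_mid` presumably marks a new Phase 2 or informational exchange, where a zero ID would be misinterpreted by the peer. Wrapping the checked call in `do { … } while (this->initiating.mid == 0);` closes that gap while keeping the new DESTROY_ME path. A short comment such as `/* get the message ID before creating the message, so the error path has nothing to free */` would also record why `message_create()` moved. The body of initiate starts and ends outside this hunk.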
@@ -721,11 +726,14 @@ static void send_notify(private_task_manager_t *this, message_t *request,
 DBG1(DBG_IKE, "ignore malformed INFORMATIONAL request");
 return;
 }
-
+ if (!this->rng->get_bytes(this->rng, sizeof(mid), (void*)&mid))
+ {
+ DBG1(DBG_IKE, "failed to allocate message ID");
+ return;
+ }
 response = message_create(IKEV1_MAJOR_VERSION, IKEV1_MINOR_VERSION);
 response->set_exchange_type(response, INFORMATIONAL_V1);
 response->set_request(response, TRUE);
- this->rng->get_bytes(this->rng, sizeof(mid), (void*)&mid);
 response->set_message_id(response, mid);
 response->add_payload(response, (payload_t*) notify_payload_create_from_protocol_and_type(NOTIFY_V1,
@@ -1678,9 +1686,13 @@ task_manager_v1_t *task_manager_v1_create(ike_sa_t *ike_sa)
 destroy(this);
 return NULL;
 }
-
- this->rng->get_bytes(this->rng, sizeof(this->dpd_send),
- (void*)&this->dpd_send);
+ if (!this->rng->get_bytes(this->rng, sizeof(this->dpd_send),
+ (void*)&this->dpd_send))
+ {
+ DBG1(DBG_IKE, "failed to allocate message ID, unable to create IKE_SA");
+ destroy(this);
+ return NULL;
+ }
 this->dpd_send &= 0x7FFFFFFF;
 return &this->public;
--
2.47.2
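Review bot: When `get_bytes()` fails here, send_notify returns without sending anything and, being `static void`, gives its caller no indication of that; the only trace is a log line that does not mention the dropped notify. Callers are outside this hunk, so whether any of them needs to react is not visible, but the message should at least say what was lost: `DBG1(DBG_IKE, "failed to allocate message ID, unable to send notify");`. The function starts before and continues after the hunk.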
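Review bot: The log text in the new error branch of task_manager_v1_create says "failed to allocate message ID", but the value being drawn is `this->dpd_send`, which the mask on the next line suggests is the initial DPD sequence number rather than a message ID. Someone triaging RNG failures from the logs would look in the wrong place; `DBG1(DBG_IKE, "failed to allocate DPD sequence number, unable to create IKE_SA");` matches what the code does. The mask itself deserves a comment, e.g. `/* clear the top bit so the counter has room to increment */`, if that is the intent. The constructor starts outside the hunk.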