MACsec: Check os_get_random() return value
authorJouni Malinen <j@w1.fi>
Sat, 11 Oct 2014 15:46:35 +0000 (18:46 +0300)
committerJouni Malinen <j@w1.fi>
Sat, 11 Oct 2014 15:54:43 +0000 (18:54 +0300)
This makes the MACsec implementation more consistent with the rest of
wpa_supplicant. (CID 72677, CID 72695, CID 72701, CID 72709, CID 72711)

Signed-off-by: Jouni Malinen <j@w1.fi>
src/pae/ieee802_1x_kay.c

index b1cf32dd0813db4488e98302602ed90c3f9e3afa..7069c207fa9aabaa4ae077d35f30120000a524c7 100644 (file)
@@ -729,7 +729,8 @@ ieee802_1x_mka_decode_basic_body(struct ieee802_1x_kay *kay, const u8 *mka_msg,
 
        /* If the peer's MI is my MI, I will choose new MI */
        if (os_memcmp(body->actor_mi, participant->mi, MI_LEN) == 0) {
-               os_get_random(participant->mi, sizeof(participant->mi));
+               if (os_get_random(participant->mi, sizeof(participant->mi)) < 0)
+                       return NULL;
                participant->mn = 0;
        }
 
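Review bot: The new failure path at `return NULL;` is silent, while the two peer-body hunks later in this commit log "KaY: Could not update mi" for the same os_get_random() failure. A caller that sees NULL cannot tell an RNG failure apart from any other reason this function returns NULL, so a log line before the return would help, for example `wpa_printf(MSG_DEBUG, "KaY: Could not update mi");` with braces around the two statements. The body of ieee802_1x_mka_decode_basic_body starts and ends outside the hunk, so how the caller treats NULL is not visible here.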
@@ -1003,8 +1004,10 @@ static int ieee802_1x_mka_decode_live_peer_body(
                if (os_memcmp(peer_mi, participant->mi, MI_LEN) == 0) {
                        /* My message id is used by other participant */
                        if (peer_mn > participant->mn) {
-                               os_get_random(participant->mi,
-                                             sizeof(participant->mi));
+                               if (os_get_random(participant->mi,
+                                                 sizeof(participant->mi)) < 0)
+                                       wpa_printf(MSG_DEBUG,
+                                                  "KaY: Could not update mi");
                                participant->mn = 0;
                        }
                        continue;
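Review bot: When os_get_random() fails here, the code only logs at MSG_DEBUG and still runs `participant->mn = 0;`, so the participant keeps a member identifier that a peer is also using (or whatever the failed call left in the buffer) while its message number restarts from zero. Assuming peers use the MI/MN pair to judge message freshness, that reset weakens the check instead of resolving the collision. Consider resetting only on success, by putting `else` in front of `participant->mn = 0;`, or propagating the failure to the caller as the basic-body hunk does. The same pattern is in the ieee802_1x_mka_decode_potential_peer_body hunk, and both loop bodies continue outside the hunks shown.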
@@ -1054,8 +1057,10 @@ ieee802_1x_mka_decode_potential_peer_body(
                if (os_memcmp(peer_mi, participant->mi, MI_LEN) == 0) {
                        /* My message id is used by other participant */
                        if (peer_mn > participant->mn) {
-                               os_get_random(participant->mi,
-                                             sizeof(participant->mi));
+                               if (os_get_random(participant->mi,
+                                                 sizeof(participant->mi)) < 0)
+                                       wpa_printf(MSG_DEBUG,
+                                                  "KaY: Could not update mi");
                                participant->mn = 0;
                        }
                        continue;
@@ -1998,7 +2003,12 @@ ieee802_1x_kay_generate_new_sak(struct ieee802_1x_mka_participant *participant)
                return -1;
        }
        ctx_offset = 0;
-       os_get_random(context + ctx_offset, conf->key_len);
+       if (os_get_random(context + ctx_offset, conf->key_len) < 0) {
+               os_free(context);
+               os_free(conf->key);
+               os_free(conf);
+               return -1;
+       }
        ctx_offset += conf->key_len;
        dl_list_for_each(peer, &participant->live_peers,
                         struct ieee802_1x_kay_peer, list) {
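Review bot: The failure branch spells out a three-call cleanup inline (`os_free(context); os_free(conf->key); os_free(conf);`), so every further error path added to ieee802_1x_kay_generate_new_sak has to repeat the same list or leak. A single cleanup label, in the way ieee802_1x_kay_create_mka uses `goto fail;` in this same commit, would keep the exit paths in sync. If `context` or `conf->key` can already hold key-derivation input at this point, that label would also be the one place to clear the buffers before freeing them. That is not visible from the hunk, which starts and ends inside the function.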
@@ -3325,7 +3335,8 @@ ieee802_1x_kay_create_mka(struct ieee802_1x_kay *kay, struct mka_key_name *ckn,
        participant->retry_count = 0;
        participant->kay = kay;
 
-       os_get_random(participant->mi, sizeof(participant->mi));
+       if (os_get_random(participant->mi, sizeof(participant->mi)) < 0)
+               goto fail;
        participant->mn = 0;
 
        participant->lrx = FALSE;