From: Tobias Brunner <tobias@strongswan.org>
Date: Mon, 25 Jun 2012 14:02:13 +0000 (+0200)
Subject: Check rng return value when generating SPIs in kernel-klips plugin
X-Git-Tag: 5.0.1~336
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0159a5404754fcf4594329df8c5821c88035bd5f;p=thirdparty%2Fstrongswan.git

Check rng return value when generating SPIs in kernel-klips plugin
---

diff --git a/src/libhydra/plugins/kernel_klips/kernel_klips_ipsec.c b/src/libhydra/plugins/kernel_klips/kernel_klips_ipsec.c
index b8d44d686e..7e58cf30b7 100644
--- a/src/libhydra/plugins/kernel_klips/kernel_klips_ipsec.c
+++ b/src/libhydra/plugins/kernel_klips/kernel_klips_ipsec.c
@@ -1520,12 +1520,12 @@ METHOD(kernel_ipsec_t, get_spi, status_t,
 	u_int32_t spi_gen;
 
 	rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
-	if (!rng)
+	if (!rng || !rng->get_bytes(rng, sizeof(spi_gen), (void*)&spi_gen))
 	{
-		DBG1(DBG_KNL, "allocating SPI failed: no RNG");
+		DBG1(DBG_KNL, "allocating SPI failed");
+		DESTROY_IF(rng);
 		return FAILED;
 	}
-	rng->get_bytes(rng, sizeof(spi_gen), (void*)&spi_gen);
 	rng->destroy(rng);
 
 	/* allocated SPIs lie within the range from 0xc0000000 to 0xcFFFFFFF */