From: Martin Willi Date: Fri, 6 Jul 2012 12:17:01 +0000 (+0200) Subject: Check rng return value when generating libfast session COOKIEs X-Git-Tag: 5.0.1~320 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=76a98ee2a1578a7f1f95b63846cefffad9b1df63;p=thirdparty%2Fstrongswan.git Check rng return value when generating libfast session COOKIEs --- diff --git a/src/libfast/dispatcher.c b/src/libfast/dispatcher.c index e5fca70742..63c872e35c 100644 --- a/src/libfast/dispatcher.c +++ b/src/libfast/dispatcher.c @@ -179,10 +179,16 @@ static session_entry_t *session_entry_create(private_dispatcher_t *this, char *host) { session_entry_t *entry; + session_t *session; + session = load_session(this); + if (!session) + { + return NULL; + } INIT(entry, .cond = condvar_create(CONDVAR_TYPE_DEFAULT), - .session = load_session(this), + .session = session, .host = strdup(host), .used = time_monotonic(NULL), ); @@ -324,6 +330,12 @@ static void dispatch(private_dispatcher_t *this) else { /* create a new session if not found */ found = session_entry_create(this, request->get_host(request)); + if (!found) + { + request->destroy(request); + this->mutex->unlock(this->mutex); + continue; + } sid = found->session->get_sid(found->session); this->sessions->put(this->sessions, sid, found); } diff --git a/src/libfast/session.c b/src/libfast/session.c index 1d9ed01076..99f2dcb38f 100644 --- a/src/libfast/session.c +++ b/src/libfast/session.c @@ -78,20 +78,24 @@ METHOD(session_t, add_filter, void, /** * Create a session ID and a cookie */ -static void create_sid(private_session_t *this) +static bool create_sid(private_session_t *this) { char buf[COOKIE_LEN]; rng_t *rng; - memset(buf, 0, sizeof(buf)); - memset(this->sid, 0, sizeof(this->sid)); rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK); if (rng) { - rng->get_bytes(rng, sizeof(buf), buf); + return FALSE; + } + if (!rng->get_bytes(rng, sizeof(buf), buf)) + { rng->destroy(rng); + return FALSE; } + rng->destroy(rng); chunk_to_hex(chunk_create(buf, sizeof(buf)), this->sid, FALSE); + return TRUE; } /** @@ -212,7 +216,11 @@ session_t *session_create(context_t *context) .filters = linked_list_create(), .context = context, ); - create_sid(this); + if (!create_sid(this)) + { + destroy(this); + return NULL; + } return &this->public; } diff --git a/src/libfast/session.h b/src/libfast/session.h index f60fa9ef20..acbab89643 100644 --- a/src/libfast/session.h +++ b/src/libfast/session.h @@ -70,6 +70,7 @@ struct session_t { * Create a session new session. * * @param context user defined session context instance + * @return client session, NULL on error */ session_t *session_create(context_t *context);