From: Tobias Brunner Date: Tue, 5 May 2015 07:39:11 +0000 (+0200) Subject: ike-init: Fix error handling if nonceg can't be created X-Git-Tag: 5.3.1rc1~32 X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=59565ebf6051d8c5048c759be3bbcac1b3b3f9e0;p=thirdparty%2Fstrongswan.git ike-init: Fix error handling if nonceg can't be created Returning FAILED in the constructor is wrong, but returning NULL doesn't work either as it's currently assumed tasks always can be created. Therefore, delay this check until we actually try to allocate a nonce. --- diff --git a/src/libcharon/sa/ikev2/tasks/ike_init.c b/src/libcharon/sa/ikev2/tasks/ike_init.c index 2856312c93..1ff643d62c 100644 --- a/src/libcharon/sa/ikev2/tasks/ike_init.c +++ b/src/libcharon/sa/ikev2/tasks/ike_init.c @@ -120,6 +120,25 @@ struct private_ike_init_t { bool signature_authentication; }; +/** + * Allocate our own nonce value + */ +static bool generate_nonce(private_ike_init_t *this) +{ + if (!this->nonceg) + { + DBG1(DBG_IKE, "no nonce generator found to create nonce"); + return FALSE; + } + if (!this->nonceg->allocate_nonce(this->nonceg, NONCE_SIZE, + &this->my_nonce)) + { + DBG1(DBG_IKE, "nonce allocation failed"); + return FALSE; + } + return TRUE; +} + /** * Notify the peer about the hash algorithms we support or expect, * as per RFC 7427 @@ -433,10 +452,8 @@ METHOD(task_t, build_i, status_t, /* generate nonce only when we are trying the first time */ if (this->my_nonce.ptr == NULL) { - if (!this->nonceg->allocate_nonce(this->nonceg, NONCE_SIZE, - &this->my_nonce)) + if (!generate_nonce(this)) { - DBG1(DBG_IKE, "nonce allocation failed"); return FAILED; } } @@ -471,9 +488,8 @@ METHOD(task_t, process_r, status_t, DBG0(DBG_IKE, "%H is initiating an IKE_SA", message->get_source(message)); this->ike_sa->set_state(this->ike_sa, IKE_CONNECTING); - if (!this->nonceg->allocate_nonce(this->nonceg, NONCE_SIZE, &this->my_nonce)) + if (!generate_nonce(this)) { - DBG1(DBG_IKE, "nonce allocation failed"); return FAILED; } @@ -787,14 +803,7 @@ ike_init_t *ike_init_create(ike_sa_t *ike_sa, bool initiator, ike_sa_t *old_sa) .signature_authentication = lib->settings->get_bool(lib->settings, "%s.signature_authentication", TRUE, lib->ns), ); - this->nonceg = this->keymat->keymat.create_nonce_gen(&this->keymat->keymat); - if (!this->nonceg) - { - DBG1(DBG_IKE, "no nonce generator found to create nonce"); - free(this); - return FAILED; - } if (initiator) { @@ -806,6 +815,5 @@ ike_init_t *ike_init_create(ike_sa_t *ike_sa, bool initiator, ike_sa_t *old_sa) this->public.task.build = _build_r; this->public.task.process = _process_r; } - return &this->public; }