From f6b4ba2a65c17a7c9c9d334a907b790a9b2cbabd Mon Sep 17 00:00:00 2001 From: Tobias Brunner Date: Tue, 11 Sep 2018 17:56:38 +0200 Subject: [PATCH] library: Return FALSE from library_init() if loaded settings are invalid This way daemons won't start with config files that contain errors. --- src/libstrongswan/library.c | 21 ++++++++++++++------- src/libstrongswan/library.h | 7 ++++--- 2 files changed, 18 insertions(+), 10 deletions(-) diff --git a/src/libstrongswan/library.c b/src/libstrongswan/library.c index 86b275dadf..ad5d9ab369 100644 --- a/src/libstrongswan/library.c +++ b/src/libstrongswan/library.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2009-2016 Tobias Brunner + * Copyright (C) 2009-2018 Tobias Brunner * Copyright (C) 2008 Martin Willi * HSR Hochschule fuer Technik Rapperswil * @@ -54,7 +54,7 @@ struct private_library_t { /** * Integrity check failed? */ - bool integrity_failed; + bool init_failed; #ifdef LEAK_DETECTIVE /** @@ -306,7 +306,7 @@ bool library_init(char *settings, const char *namespace) { /* already initialized, increase refcount */ this = (private_library_t*)lib; ref_get(&this->ref); - return !this->integrity_failed; + return !this->init_failed; } chunk_hash_seed(); @@ -376,7 +376,14 @@ bool library_init(char *settings, const char *namespace) this->objects = hashtable_create((hashtable_hash_t)hash, (hashtable_equals_t)equals, 4); - this->public.settings = settings_create(this->public.conf); + this->public.settings = settings_create(NULL); + if (!this->public.settings->load_files(this->public.settings, + this->public.conf, FALSE)) + { + DBG1(DBG_LIB, "abort initialization due to invalid configuration"); + this->init_failed = TRUE; + } + /* add registered aliases */ for (i = 0; i < ns_count; ++i) { @@ -416,15 +423,15 @@ bool library_init(char *settings, const char *namespace) if (!lib->integrity->check(lib->integrity, "libstrongswan", library_init)) { DBG1(DBG_LIB, "integrity check of libstrongswan failed"); - this->integrity_failed = TRUE; + this->init_failed = TRUE; } #else /* !INTEGRITY_TEST */ DBG1(DBG_LIB, "integrity test enabled, but not supported"); - this->integrity_failed = TRUE; + this->init_failed = TRUE; #endif /* INTEGRITY_TEST */ } diffie_hellman_init(); - return !this->integrity_failed; + return !this->init_failed; } diff --git a/src/libstrongswan/library.h b/src/libstrongswan/library.h index 53f371c51e..6409d3cae5 100644 --- a/src/libstrongswan/library.h +++ b/src/libstrongswan/library.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2010-2016 Tobias Brunner + * Copyright (C) 2010-2018 Tobias Brunner * Copyright (C) 2008 Martin Willi * HSR Hochschule fuer Technik Rapperswil * @@ -258,11 +258,12 @@ struct library_t { * * The settings and namespace arguments are only used on the first call. * - * @param settings file to read settings from, may be NULL for default + * @param settings file to read settings from, may be NULL for default or + * "" to not load any settings * @param namespace name of the binary that uses the library, determines * the first section name when reading config options. * Defaults to libstrongswan if NULL. - * @return FALSE if integrity check failed + * @return FALSE if integrity check failed or settings are invalid */ bool library_init(char *settings, const char *namespace); -- 2.47.2