ims-volte-vowifi
/
strongswan
9
0
Fork 0
Code Pull Requests Releases Activity

ike-init: Fix error handling if nonceg can't be created 

Returning FAILED in the constructor is wrong, but returning NULL doesn't work
either as it's currently assumed tasks always can be created.
Therefore, delay this check until we actually try to allocate a nonce.
This commit is contained in:
Tobias Brunner 2015-05-05 09:39:11 +02:00
parent d648d61375
commit 59565ebf60
1 changed files with 21 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
src/libcharon/sa/ikev2/tasks/ike_init.c
View File

@ -120,6 +120,25 @@ struct private_ike_init_t {
bool signature_authentication;
};
/**
* Allocate our own nonce value
*/
static bool generate_nonce(private_ike_init_t *this)
{
if (!this->nonceg)
{
DBG1(DBG_IKE, "no nonce generator found to create nonce");
return FALSE;
}
if (!this->nonceg->allocate_nonce(this->nonceg, NONCE_SIZE,
&this->my_nonce))
{
DBG1(DBG_IKE, "nonce allocation failed");
return FALSE;
}
return TRUE;
}
/**
* Notify the peer about the hash algorithms we support or expect,
* as per RFC 7427
@ -433,10 +452,8 @@ METHOD(task_t, build_i, status_t,
/* generate nonce only when we are trying the first time */
if (this->my_nonce.ptr == NULL)
{
if (!this->nonceg->allocate_nonce(this->nonceg, NONCE_SIZE,
&this->my_nonce))
if (!generate_nonce(this))
{
DBG1(DBG_IKE, "nonce allocation failed");
return FAILED;
}
}
@ -471,9 +488,8 @@ METHOD(task_t, process_r, status_t,
DBG0(DBG_IKE, "%H is initiating an IKE_SA", message->get_source(message));
this->ike_sa->set_state(this->ike_sa, IKE_CONNECTING);
if (!this->nonceg->allocate_nonce(this->nonceg, NONCE_SIZE, &this->my_nonce))
if (!generate_nonce(this))
{
DBG1(DBG_IKE, "nonce allocation failed");
return FAILED;
}
@ -787,14 +803,7 @@ ike_init_t *ike_init_create(ike_sa_t *ike_sa, bool initiator, ike_sa_t *old_sa)
.signature_authentication = lib->settings->get_bool(lib->settings,
"%s.signature_authentication", TRUE, lib->ns),
);
this->nonceg = this->keymat->keymat.create_nonce_gen(&this->keymat->keymat);
if (!this->nonceg)
{
DBG1(DBG_IKE, "no nonce generator found to create nonce");
free(this);
return FAILED;
}
if (initiator)
{
@ -806,6 +815,5 @@ ike_init_t *ike_init_create(ike_sa_t *ike_sa, bool initiator, ike_sa_t *old_sa)
this->public.task.build = _build_r;
this->public.task.process = _process_r;
}
return &this->public;
}