check integrity of plugins before loading
parent
20d4fc97cf
commit
960e0c1040
|
@ -20,6 +20,7 @@
|
|||
|
||||
#include <utils.h>
|
||||
#include <chunk.h>
|
||||
#include <debug.h>
|
||||
#include <utils/identification.h>
|
||||
#include <utils/host.h>
|
||||
#ifdef LEAK_DETECTIVE
|
||||
|
@ -65,6 +66,10 @@ void library_deinit()
|
|||
this->public.fetcher->destroy(this->public.fetcher);
|
||||
this->public.db->destroy(this->public.db);
|
||||
this->public.printf_hook->destroy(this->public.printf_hook);
|
||||
if (this->public.integrity)
|
||||
{
|
||||
this->public.integrity->destroy(this->public.integrity);
|
||||
}
|
||||
|
||||
#ifdef LEAK_DETECTIVE
|
||||
if (this->detective)
|
||||
|
@ -119,5 +124,12 @@ void library_init(char *settings)
|
|||
this->public.fetcher = fetcher_manager_create();
|
||||
this->public.db = database_factory_create();
|
||||
this->public.plugins = plugin_loader_create();
|
||||
this->public.integrity = NULL;
|
||||
|
||||
if (lib->settings->get_bool(lib->settings,
|
||||
"libstrongswan.integrity_test", FALSE))
|
||||
{
|
||||
this->public.integrity = integrity_checker_create();
|
||||
}
|
||||
}
|
||||
|
||||
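Review bot: In library_init the `integrity` pointer doubles as the on/off switch, so a failed `integrity_checker_create()` looks exactly like `libstrongswan.integrity_test` being left at its default of FALSE. If the constructor can return NULL (its body is not visible here), the `lib->integrity &&` guards in load_plugin skip both tests and every plugin loads unchecked, without any message. When the setting is enabled the result should be tested and the failure made visible, for example `if (!this->public.integrity) { DBG1("integrity test enabled, but checker could not be created"); }`, and ideally reported to the caller so the daemon can refuse to start. library_init's body starts outside the hunk.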
|
|
|
@ -59,6 +59,7 @@
|
|||
#include <utils.h>
|
||||
#include <chunk.h>
|
||||
#include <settings.h>
|
||||
#include <integrity_checker.h>
|
||||
#include <plugins/plugin_loader.h>
|
||||
#include <crypto/crypto_factory.h>
|
||||
#include <fetcher/fetcher_manager.h>
|
||||
|
@ -107,6 +108,11 @@ struct library_t {
|
|||
*/
|
||||
settings_t *settings;
|
||||
|
||||
/**
|
||||
* integrity checker to verify code integrity
|
||||
*/
|
||||
integrity_checker_t *integrity;
|
||||
|
||||
/**
|
||||
* is leak detective running?
|
||||
*/
|
||||
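Review bot: The comment on the new `integrity` member of library_t does not say that the pointer is NULL unless `libstrongswan.integrity_test` is enabled. Every user of the field has to know this, since library_init sets it to NULL by default and callers must test it before dereferencing. I would extend the comment to `integrity checker to verify code integrity, NULL if libstrongswan.integrity_test is disabled`. struct library_t starts and ends outside the hunk.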
|
|
|
@ -20,8 +20,10 @@
|
|||
#include <dlfcn.h>
|
||||
#include <limits.h>
|
||||
#include <stdio.h>
|
||||
#include <link.h>
|
||||
|
||||
#include <debug.h>
|
||||
#include <integrity_checker.h>
|
||||
#include <utils/linked_list.h>
|
||||
#include <plugins/plugin.h>
|
||||
|
||||
|
@ -61,6 +63,12 @@ static plugin_t* load_plugin(private_plugin_loader_t *this,
|
|||
|
||||
snprintf(file, sizeof(file), "%s/libstrongswan-%s.so", path, name);
|
||||
|
||||
if (lib->integrity &&
|
||||
!lib->integrity->check_file(lib->integrity, name, file))
|
||||
{
|
||||
DBG1("file integrity test of plugin '%s' failed", name);
|
||||
return NULL;
|
||||
}
|
||||
handle = dlopen(file, RTLD_LAZY);
|
||||
if (handle == NULL)
|
||||
{
|
||||
|
@ -74,6 +82,13 @@ static plugin_t* load_plugin(private_plugin_loader_t *this,
|
|||
dlclose(handle);
|
||||
return NULL;
|
||||
}
|
||||
if (lib->integrity &&
|
||||
!lib->integrity->check_segment(lib->integrity, name, constructor))
|
||||
{
|
||||
DBG1("segment integrity test of plugin '%s' failed", name);
|
||||
dlclose(handle);
|
||||
return NULL;
|
||||
}
|
||||
plugin = constructor();
|
||||
if (plugin == NULL)
|
||||
{
|
||||
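Review bot: The file test and the load in load_plugin are two independent opens of the same path: `check_file(lib->integrity, name, file)` reads the file, then `dlopen(file, RTLD_LAZY)` opens it again by name. The bytes that were verified are therefore only the bytes that get mapped if nothing else can write to the plugin directory in between. The later `check_segment` call does not close that gap, because dlopen() runs the object's initializer functions before it returns, which is before the segment test executes. That assumption should be stated where the check is made, e.g. `/* assumes the plugin directory is writable only by the daemon's owner; dlopen() runs initializers before check_segment() */`. load_plugin starts and ends outside the two hunks.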
|
|