library: Return FALSE from library_init() if loaded settings are invalid

This way daemons won't start with config files that contain errors.
2018-09-11 17:56:38 +02:00 · 2018-09-11 17:56:38 +02:00 · f6b4ba2a65
parent 71dca60c31
commit f6b4ba2a65
2 changed files with 18 additions and 10 deletions
--- a/src/libstrongswan/library.c
+++ b/src/libstrongswan/library.c
@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2009-2016 Tobias Brunner
+ * Copyright (C) 2009-2018 Tobias Brunner
 * Copyright (C) 2008 Martin Willi
 * HSR Hochschule fuer Technik Rapperswil
 *
@ -54,7 +54,7 @@ struct private_library_t {
 	/**
 	 * Integrity check failed?
 	 */
-	bool integrity_failed;
+	bool init_failed;

 #ifdef LEAK_DETECTIVE
 	/**
@ -306,7 +306,7 @@ bool library_init(char *settings, const char *namespace)
 	{	/* already initialized, increase refcount */
 		this = (private_library_t*)lib;
 		ref_get(&this->ref);
-		return !this->integrity_failed;
+		return !this->init_failed;
 	}

 	chunk_hash_seed();
@ -376,7 +376,14 @@ bool library_init(char *settings, const char *namespace)
 	this->objects = hashtable_create((hashtable_hash_t)hash,
 									 (hashtable_equals_t)equals, 4);

-	this->public.settings = settings_create(this->public.conf);
+	this->public.settings = settings_create(NULL);
+	if (!this->public.settings->load_files(this->public.settings,
+										   this->public.conf, FALSE))
+	{
+		DBG1(DBG_LIB, "abort initialization due to invalid configuration");
+		this->init_failed = TRUE;
+	}
+
 	/* add registered aliases */
 	for (i = 0; i < ns_count; ++i)
 	{
@ -416,15 +423,15 @@ bool library_init(char *settings, const char *namespace)
 		if (!lib->integrity->check(lib->integrity, "libstrongswan", library_init))
 		{
 			DBG1(DBG_LIB, "integrity check of libstrongswan failed");
-			this->integrity_failed = TRUE;
+			this->init_failed = TRUE;
 		}
 #else /* !INTEGRITY_TEST */
 		DBG1(DBG_LIB, "integrity test enabled, but not supported");
-		this->integrity_failed = TRUE;
+		this->init_failed = TRUE;
 #endif /* INTEGRITY_TEST */
 	}

 	diffie_hellman_init();

-	return !this->integrity_failed;
+	return !this->init_failed;
 }
--- a/src/libstrongswan/library.h
+++ b/src/libstrongswan/library.h
@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2010-2016 Tobias Brunner
+ * Copyright (C) 2010-2018 Tobias Brunner
 * Copyright (C) 2008 Martin Willi
 * HSR Hochschule fuer Technik Rapperswil
 *
@ -258,11 +258,12 @@ struct library_t {
 *
 * The settings and namespace arguments are only used on the first call.
 *
- * @param settings		file to read settings from, may be NULL for default
+ * @param settings		file to read settings from, may be NULL for default or
+ *						"" to not load any settings
 * @param namespace		name of the binary that uses the library, determines
 *						the first section name when reading config options.
 *						Defaults to libstrongswan if NULL.
- * @return				FALSE if integrity check failed
+ * @return				FALSE if integrity check failed or settings are invalid
 */
 bool library_init(char *settings, const char *namespace);