gnutls_rnd(): always check its return value

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>

src/icmp-ping.c

@@ -183,12 +183,16 @@ int icmp_ping4(main_server_st * s, struct sockaddr_in *addr1)
 	if (GETCONFIG(s)->ping_leases == 0)
 		return 0;
 
-	gnutls_rnd(GNUTLS_RND_NONCE, &id1, sizeof(id1));
+	if ((e=gnutls_rnd(GNUTLS_RND_NONCE, &id1, sizeof(id1))) < 0) {
+		mslog(s, NULL, LOG_ERR,
+		      "error in the random generator: %s", gnutls_strerror(e));
+		return 0;
+	}
 
 	pingsock = socket(AF_INET, SOCK_RAW, 1);
 	if (pingsock == -1) {
 		e = errno;
-		mslog(s, NULL, LOG_INFO,
+		mslog(s, NULL, LOG_ERR,
 		      "could not open raw socket for ping: %s", strerror(e));
 		return 0;
 	}
@@ -274,12 +278,16 @@ int icmp_ping6(main_server_st * s,
 	if (GETCONFIG(s)->ping_leases == 0)
 		return 0;
 
-	gnutls_rnd(GNUTLS_RND_NONCE, &id1, sizeof(id1));
+	if ((e=gnutls_rnd(GNUTLS_RND_NONCE, &id1, sizeof(id1))) < 0) {
+		mslog(s, NULL, LOG_ERR,
+		      "error in the random generator: %s", gnutls_strerror(e));
+		return 0;
+	}
 
 	pingsock = socket(AF_INET6, SOCK_RAW, IPPROTO_ICMPV6);
 	if (pingsock == -1) {
 		e = errno;
-		mslog(s, NULL, LOG_INFO,
+		mslog(s, NULL, LOG_ERR,
 		      "could not open raw socket for ping: %s", strerror(e));
 		return 0;
 	}

src/ip-lease.c

@@ -291,7 +291,12 @@ int get_ipv4_lease(main_server_st* s, struct proc_st* proc)
 			memcpy(SA_IN_U8_P(&rnd), proc->ipv4_seed, 4);
 		} else {
 			if (max_loops < MAX_IP_TRIES-FIXED_IPS) {
-				gnutls_rnd(GNUTLS_RND_NONCE, SA_IN_U8_P(&rnd), sizeof(struct in_addr));
+				ret = gnutls_rnd(GNUTLS_RND_NONCE, SA_IN_U8_P(&rnd), sizeof(struct in_addr));
+				if (ret < 0) {
+					mslog(s, proc, LOG_ERR, "error in the random generator: %s", gnutls_strerror(ret));
+					ret = ERR_NO_IP;
+					goto fail;
+				}
 			} else {
 				ip_from_seed(SA_IN_U8_P(&rnd), sizeof(struct in_addr),
 					     SA_IN_U8_P(&rnd), sizeof(struct in_addr));
@@ -453,7 +458,12 @@ int get_ipv6_lease(main_server_st* s, struct proc_st* proc)
 				     SA_IN6_U8_P(&rnd), sizeof(struct in6_addr));
 		} else {
 			if (max_loops < MAX_IP_TRIES-FIXED_IPS) {
-				gnutls_rnd(GNUTLS_RND_NONCE, SA_IN_U8_P(&rnd), sizeof(struct in6_addr));
+				ret = gnutls_rnd(GNUTLS_RND_NONCE, SA_IN_U8_P(&rnd), sizeof(struct in6_addr));
+				if (ret < 0) {
+					mslog(s, proc, LOG_ERR, "error in the random generator: %s", gnutls_strerror(ret));
+					ret = ERR_NO_IP;
+					goto fail;
+				}
 			} else {
 				ip_from_seed(SA_IN6_U8_P(&rnd), sizeof(struct in6_addr),
 					     SA_IN6_U8_P(&rnd), sizeof(struct in6_addr));

src/worker-vpn.c

@@ -1867,7 +1867,15 @@ static int connect_handler(worker_st * ws)
 	unsigned i;
 	unsigned ip6;
 
-	gnutls_rnd(GNUTLS_RND_NONCE, &rnd, sizeof(rnd));
+	ret = gnutls_rnd(GNUTLS_RND_NONCE, &rnd, sizeof(rnd));
+	if (ret < 0) {
+		oclog(ws, LOG_ERR,
+		      "error in the random generator: %s", gnutls_strerror(ret));
+		cstp_puts(ws, "HTTP/1.1 503 Service Unavailable\r\n");
+		cstp_puts(ws,
+			 "X-Reason: Server error\r\n\r\n");
+		return -1;
+	}
 
 	ws->buffer_size = sizeof(ws->buffer);