[CID-32919, 33501] Fix bug

[platform/upstream/connman.git] / vpn / plugins / ipsec.c

diff --git a/vpn/plugins/ipsec.c b/vpn/plugins/ipsec.c
index 70f3433..617830c 100644 (file)
--- a/vpn/plugins/ipsec.c
+++ b/vpn/plugins/ipsec.c
@@ -248,65 +248,97 @@ static int get_cert_type(const char *path)
        return cert_type;
 }
 
-static void read_der_file(const char *path, X509 **cert)
+static int read_der_file(const char *path, X509 **cert)
 {
        FILE *fp = NULL;
+       int err = 0;
+
+       if(!path || !cert) {
+               /* TODO :remove this after debug */
+               DBG("there's no cert data");
+               return 0;
+       }
 
        DBG("der path %s\n", path);
        fp = fopen(path, "r");
        if (!fp) {
-               connman_error("fopen %s is failed\n", path);
-               return;
+               connman_error("Failed to open file");
+               return -EINVAL;
        }
 
        *cert = d2i_X509_fp(fp, NULL);
+       if (!(*cert)) {
+               connman_error("Failed to read der file");
+               err = -EINVAL;
+       }
+
        fclose(fp);
-       return;
+       return err;
 }
 
-static void read_pem_file(const char *path, X509 **cert)
+static int read_pem_file(const char *path, X509 **cert)
 {
        FILE *fp = NULL;
+       int err = 0;
+
+       if(!path || !cert) {
+               /* TODO :remove this after debug */
+               DBG("there's no cert data");
+               return 0;
+       }
 
        DBG("pem path %s\n", path);
        fp = fopen(path, "r");
        if (!fp) {
-               connman_error("fopen %s is failed\n", path);
-               return;
+               connman_error("Failed to open file");
+               return -EINVAL;
        }
 
        *cert = PEM_read_X509(fp, cert, NULL, NULL);
+       if (!(*cert)) {
+               connman_error("Failed to read pem file");
+               err = -EINVAL;
+       }
+
        fclose(fp);
-       return;
+       return err;
 }
 
-static void read_pkcs12_file(const char *path, const char *pass, EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca)
+static int read_pkcs12_file(const char *path, const char *pass, EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca)
 {
        FILE *fp = NULL;
        PKCS12 *p12;
+       int err = 0;
+
+       if(!path || !pass || !pkey || !cert || !ca) {
+               /* TODO :remove this after debug */
+               DBG("there's no cert data");
+               return 0;
+       }
 
        DBG("pkcs12 path %s\n", path);
        fp = fopen(path, "r");
        if (!fp) {
-               print_openssl_error();
-               return;
+               connman_error("Failed to open file");
+               return -EINVAL;
        }
 
        p12 = d2i_PKCS12_fp(fp, NULL);
        if (!p12) {
-               print_openssl_error();
+               connman_error("Failed to open pkcs12");
                fclose(fp);
-               return;
+               return -EINVAL;
        }
 
        if (!PKCS12_parse(p12, pass, pkey, cert, ca)) {
-               print_openssl_error();
-               fclose(fp);
-               return;
+               connman_error("Failed to parse pkcs12");
+               err = -EINVAL;
        }
 
        PKCS12_free(p12);
-       return;
+       fclose(fp);
+
+       return err;
 }
 
 static char *get_private_key_str(struct openssl_private_data *data)
@@ -430,29 +462,30 @@ static char * get_nth_ca_cert_str(struct openssl_private_data *data, int num)
        return get_cert_str(cert);
 }
 
-static void extract_cert_info(const char *path, const char *pass, struct openssl_private_data *data)
+static int extract_cert_info(const char *path, const char *pass, struct openssl_private_data *data)
 {
+       int err = 0;
        if(!path || !data) {
                /* TODO :remove this after debug */
                DBG("there's no cert data");
-               return;
+               return 0;
        }
 
        switch (get_cert_type(path)) {
        case CERT_TYPE_DER:
-               read_der_file(path, &(data->local_cert));
+               err = read_der_file(path, &(data->local_cert));
                break;
        case CERT_TYPE_PEM:
-               read_pem_file(path, &(data->local_cert));
+               err = read_pem_file(path, &(data->local_cert));
                break;
        case CERT_TYPE_PKCS12:
-               read_pkcs12_file(path, pass, &(data->private_key), &(data->local_cert), &(data->ca_certs));
+               err = read_pkcs12_file(path, pass, &(data->private_key), &(data->local_cert), &(data->ca_certs));
                break;
        default:
                break;
        }
 
-       return;
+       return err;
 }
 
 static void free_openssl_private_data(struct openssl_private_data *data)
@@ -681,7 +714,7 @@ static int ipsec_load_shared_psk(struct vpn_provider *provider)
 
        if (!provider) {
                connman_error("invalid provider");
-               ret = -EINVAL;
+               return -EINVAL;
        }
 
        data = vpn_provider_get_string(provider, "IPsec.IKEData");
@@ -763,6 +796,12 @@ static char *load_file_from_path(const char *path)
        }
 
        fd = fileno(fp);
+       if (fd == -1) {
+               connman_error("fp is not a valid stream");
+               fclose(fp);
+               return NULL;
+       }
+
        fstat(fd, &st);
        file_size = st.st_size;
        file_buff = g_try_malloc0(sizeof(char)*st.st_size);
@@ -807,8 +846,10 @@ static int ipsec_load_key(struct vpn_provider *provider)
                return 0;
 
        sect = vici_create_section(NULL);
-       if (!sect)
+       if (!sect) {
+               g_free(data);
                return -ENOMEM;
+       }
 
        vici_add_kv(sect, "type", type, NULL);
        vici_add_kv(sect, "data", data, NULL);
@@ -1112,6 +1153,13 @@ static void check_vici_socket(struct ipsec_private_data *data)
        }
 }
 
+static void ipsec_died(struct connman_task *task, int exit_code, void *user_data)
+{
+       DBG("task %p exit_code %d", task, exit_code);
+       unlink(VICI_DEFAULT_URI);
+       vpn_died(task, exit_code, user_data);
+}
+
 static int ipsec_connect(struct vpn_provider *provider,
                        struct connman_task *task, const char *if_name,
                        vpn_provider_connect_cb_t cb, const char *dbus_sender,
@@ -1130,7 +1178,7 @@ static int ipsec_connect(struct vpn_provider *provider,
        /*
         * Start charon daemon using ipsec script of strongSwan.
         */
-       err = connman_task_run(task, vpn_died, provider, NULL, NULL, NULL);
+       err = connman_task_run(task, ipsec_died, provider, NULL, NULL, NULL);
        if (err < 0) {
                connman_error("charon start failed");
                if (cb)
@@ -1142,7 +1190,15 @@ static int ipsec_connect(struct vpn_provider *provider,
 
        path = vpn_provider_get_string(provider, "IPsec.LocalCerts");
        pass = vpn_provider_get_string(provider, "IPsec.LocalCertPass");
-       extract_cert_info(path, pass, &(data->openssl_data));
+       err = extract_cert_info(path, pass, &(data->openssl_data));
+       if (err < 0) {
+               connman_error("extract cert info failed");
+               if (cb)
+                       cb(provider, user_data, err);
+
+               g_free(data);
+               return err;
+       }
 
        check_vici_socket(data);
 //     g_usleep(G_USEC_PER_SEC);