author | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2009-10-21 11:14:02 +0000 |
---|---|---|
committer | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2009-10-21 11:14:02 +0000 |
commit | 7410d3c6d6a9a1cd7aa55083c938946af6ff9498 (patch) | |
tree | 3291beffa55649f9be28b4a98a7d503d334fbcf2 /src/libstrongswan/plugins/plugin_loader.c | |
parent | 41787e147279ff0695e9d759487266a60b80867b (diff) | |
[svn-upgrade] Integrating new upstream version, strongswan (4.3.4)
Diffstat (limited to 'src/libstrongswan/plugins/plugin_loader.c')
-rw-r--r-- | src/libstrongswan/plugins/plugin_loader.c | 27 |
1 files changed, 23 insertions, 4 deletions
diff --git a/src/libstrongswan/plugins/plugin_loader.c b/src/libstrongswan/plugins/plugin_loader.c
index ad5a9e240..459ba9ba9 100644
--- a/src/libstrongswan/plugins/plugin_loader.c
+++ b/src/libstrongswan/plugins/plugin_loader.c
@@ -22,6 +22,7 @@
 #include <stdio.h>
 #include <debug.h>
+#include <integrity_checker.h>
 #include <utils/linked_list.h>
 #include <plugins/plugin.h>
@@ -61,27 +62,45 @@ static plugin_t* load_plugin(private_plugin_loader_t *this,
 snprintf(file, sizeof(file), "%s/libstrongswan-%s.so", path, name);
+ if (lib->integrity)
+ {
+ if (!lib->integrity->check_file(lib->integrity, name, file))
+ {
+ DBG1("plugin '%s': failed file integrity test of '%s'", name, file);
+ return NULL;
+ }
+ }
 handle = dlopen(file, RTLD_LAZY);
 if (handle == NULL)
 {
- DBG1("loading plugin '%s' failed: %s", name, dlerror());
+ DBG1("plugin '%s': failed to load '%s' - %s", name, file, dlerror());
 return NULL;
 }
 constructor = dlsym(handle, "plugin_create");
 if (constructor == NULL)
 {
- DBG1("loading plugin '%s' failed: no plugin_create() function", name);
+ DBG1("plugin '%s': failed to load - no plugin_create() function", name);
 dlclose(handle);
 return NULL;
 }
+ if (lib->integrity)
+ {
+ if (!lib->integrity->check_segment(lib->integrity, name, constructor))
+ {
+ DBG1("plugin '%s': failed segment integrity test", name);
+ dlclose(handle);
+ return NULL;
+ }
+ DBG1("plugin '%s': passed file and segment integrity tests", name);
+ }
 plugin = constructor();
 if (plugin == NULL)
 {
- DBG1("loading plugin '%s' failed: plugin_create() returned NULL", name);
+ DBG1("plugin '%s': failed to load - plugin_create() returned NULL", name);
 dlclose(handle);
 return NULL;
 }
- DBG2("plugin '%s' loaded successfully", name);
+ DBG2("plugin '%s': loaded successfully", name);
 /* we do not store or free dlopen() handles, leak_detective requires
 * the modules to keep loaded until leak report */ |
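Review bot: In the `load_plugin` hunk, `check_file()` is given the path `file` and `dlopen(file, RTLD_LAZY)` then opens that same path a second time, so the object that gets mapped is not guaranteed to be the one that was checked if the plugin directory can be modified in between. The later `check_segment()` call does not close that gap by itself, because `dlopen()` has already run the library's initializers by the time it is reached. I would record the assumption above the first check, e.g. `/* the file test is the only gate before dlopen() runs library initializers; the plugin directory must not be writable by untrusted users */`. Both checks are skipped when `lib->integrity` is NULL, which looks intentional but means the loader fails open if a checker was expected and was never set up; that is worth confirming where `lib->integrity` is assigned. The body of `load_plugin` starts and ends outside this hunk.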