RT RT/krbdev.mit.edu: Ticket #2871 lib/crypto/prng.c doesn't deal w/read() returning -1 Signed in as guest.
[Logout]

[Home] [Search] [Configuration]

[Display] [History] [Basics] [Dates] [People] [Links] [Jumbo]

 
 

 The Basics  
Id
2871
Status
resolved
Worked
0 min
Priority
0/0
Queue
krb5
 

 Keyword Selections  
Component
  • krb5-libs
Version_reported
  • 1.3.6
Version_Fixed
  • 1.4
Target_Version
  • 1.4
Tags
  • pullup
 

 Relationships  
Depends on:
Depended on by:
Parents:
Children:

Refers to:
Referred to by:
 
 Dates  
Created: Tue Jan 11 16:02:13 2005
Starts: Not set
Started: Wed Jan 12 19:22:48 2005
Last Contact: Wed Jan 12 19:38:02 2005
Due: Not set
Updated: Wed Jan 12 19:38:02 2005 by tlyu
 

 People  
Owner
 tlyu
Requestors
 flash@itp.tu-graz.ac.at
Cc
 
AdminCc
 
 

 More about Christian Pfaffel  
Comments about this user:
No comment entered about this user
This user's 25 highest priority tickets:
 

History   Display mode: [Brief headers] [Full headers]
      Tue Jan 11 16:02:13 2005  flash@itp.tu-graz.ac.at - Ticket created    
      
To: krb5-bugs@mit.edu
From: Christian Pfaffel <flash@itp.tu-graz.ac.at>
Date: 11 Jan 2005 21:57:36 +0100
Subject: Bug in lib/crypto/prng.c

 

      
Hi!

The following patch fixes a hang caused by an infinite loop in
read_entropy_from_device(), if the device exists, but read returns -1.
This happens for sintance on OpenBSD. Since the return value of read
is assigned to count and thus cast to size_t, the check (count <= 0)
does not fail for (count == -1).

I therefor suggest the following patch for 1.3.6. It also applies to
krb5-current with an offset.

Best regards,

Christian


diff -r -u krb5-1.3.6/src/lib/crypto/prng.c krb5-1.3.6.new/src/lib/crypto/prng.c
--- krb5-1.3.6/src/lib/crypto/prng.c	2003-03-06 21:08:24.000000000 +0100
+++ krb5-1.3.6.new/src/lib/crypto/prng.c	2005-01-11 21:13:53.000000000 +0100
@@ -164,9 +164,9 @@
     return 0;
   }
   for (left = sizeof (buf); left > 0;) {
-    size_t count;
+    ssize_t count;
     count = read (fd, &buf, (unsigned) left);
-    if (count <= 0) {
+    if ((count == -1) || (count <= 0)) {
       close(fd);
       return 0;
     }
Download (untitled) 944b
      
 
Download crypto_prng.patch 506b
      

--
Christian Pfaffel <flash@itp.tu-graz.ac.at>
Technische Universität Graz                 Telefon: +43 / 316 / 873 - 81 90
Institut für Theoretische Physik            Telefax: +43 / 316 / 873 - 86 78
Petersgasse 16, A-8010 Graz   http://fubphpc.tu-graz.ac.at/~flash/pubkey.gpg
Download (untitled) 280b
      Wed Jan 12 19:22:47 2005  tlyu - Subject changed from Bug in lib/crypto/prng.c to lib/crypto/prng.c doesn't deal w/read() returning -1    
      Wed Jan 12 19:22:48 2005  tlyu - Status changed from new to open    
      Wed Jan 12 19:22:48 2005  tlyu - Component krb5-libs added    
      Wed Jan 12 19:22:49 2005  tlyu - Version_reported 1.3.6 added    
      Wed Jan 12 19:22:49 2005  tlyu - Target_Version 1.4 added    
      Wed Jan 12 19:35:22 2005  tlyu - Status changed from open to resolved    
      Wed Jan 12 19:35:23 2005  tlyu - Tags pullup added    
      Wed Jan 12 19:35:23 2005  tlyu - Given to tlyu    
      Wed Jan 12 19:35:23 2005  tlyu - Correspondence added    
      
From: tlyu@mit.edu
Subject: CVS Commit

	* prng.c (read_entropy_from_device): Use ssize_t, not size_t, so
	read() returning -1 doesn't cause trouble.


To generate a diff of this commit:



	cvs diff -r5.171 -r5.172 krb5/src/lib/crypto/ChangeLog
	cvs diff -r5.22 -r5.23 krb5/src/lib/crypto/prng.c

Download (untitled) 257b
      Wed Jan 12 19:38:00 2005  tlyu - Version_Fixed 1.4 added    
      Wed Jan 12 19:38:01 2005  tlyu - Correspondence added    
      
From: tlyu@mit.edu
Subject: CVS Commit

pullup from trunk


To generate a diff of this commit:



	cvs diff -r5.168.4.2 -r5.168.4.3 krb5/src/lib/crypto/ChangeLog
	cvs diff -r5.20.4.1 -r5.20.4.2 krb5/src/lib/crypto/prng.c

Download (untitled) 181b