Skip Menu |
 

To: krb5-bugs@mit.edu
From: Christian Pfaffel <flash@itp.tu-graz.ac.at>
Date: 11 Jan 2005 21:57:36 +0100
Subject: Bug in lib/crypto/prng.c
Hi!

The following patch fixes a hang caused by an infinite loop in
read_entropy_from_device(), if the device exists, but read returns -1.
This happens for sintance on OpenBSD. Since the return value of read
is assigned to count and thus cast to size_t, the check (count <= 0)
does not fail for (count == -1).

I therefor suggest the following patch for 1.3.6. It also applies to
krb5-current with an offset.

Best regards,

Christian


diff -r -u krb5-1.3.6/src/lib/crypto/prng.c krb5-1.3.6.new/src/lib/crypto/prng.c
--- krb5-1.3.6/src/lib/crypto/prng.c 2003-03-06 21:08:24.000000000 +0100
+++ krb5-1.3.6.new/src/lib/crypto/prng.c 2005-01-11 21:13:53.000000000 +0100
@@ -164,9 +164,9 @@
return 0;
}
for (left = sizeof (buf); left > 0;) {
- size_t count;
+ ssize_t count;
count = read (fd, &buf, (unsigned) left);
- if (count <= 0) {
+ if ((count == -1) || (count <= 0)) {
close(fd);
return 0;
}
Download crypto_prng.patch
text/x-patch 506B

Message body is not shown because sender requested not to inline it.


--
Christian Pfaffel <flash@itp.tu-graz.ac.at>
Technische UniversitÀt Graz Telefon: +43 / 316 / 873 - 81 90
Institut fÃŒr Theoretische Physik Telefax: +43 / 316 / 873 - 86 78
Petersgasse 16, A-8010 Graz http://fubphpc.tu-graz.ac.at/~flash/pubkey.gpg
From: tlyu@mit.edu
Subject: CVS Commit
* prng.c (read_entropy_from_device): Use ssize_t, not size_t, so
read() returning -1 doesn't cause trouble.


To generate a diff of this commit:



cvs diff -r5.171 -r5.172 krb5/src/lib/crypto/ChangeLog
cvs diff -r5.22 -r5.23 krb5/src/lib/crypto/prng.c
From: tlyu@mit.edu
Subject: CVS Commit
pullup from trunk


To generate a diff of this commit:



cvs diff -r5.168.4.2 -r5.168.4.3 krb5/src/lib/crypto/ChangeLog
cvs diff -r5.20.4.1 -r5.20.4.2 krb5/src/lib/crypto/prng.c