Fix segfault when failing to read random numbers.

Because the result of read() was incorrectly stored in an unsigned
variable, an error reading from the random number generator device would
result in an infinite loop that would start writing out of bounds and
eventually corrupt the stack.

diff --git a/src/nolegacy/crypto.c b/src/nolegacy/crypto.c
index b013f1f94019ba9afd165847592258b7a2c020d1..d6e2ce13c69ddc15cdf357eb918142c16826415e 100644 (file)
--- a/src/nolegacy/crypto.c
+++ b/src/nolegacy/crypto.c
@@ -46,10 +46,10 @@ void randomize(void *vout, size_t outlen) {
        char *out = vout;
 
        while(outlen) {
-               size_t len = read(random_fd, out, outlen);
+               ssize_t len = read(random_fd, out, outlen);
 
                if(len <= 0) {
-                       if(errno == EAGAIN || errno == EINTR) {
+                       if(len == -1 && (errno == EAGAIN || errno == EINTR)) {
                                continue;
                        }
 

diff --git a/src/openssl/crypto.c b/src/openssl/crypto.c
index e594e73a070ff7f694e9cb6c7f85493e5559b7c1..072bf7ab763a0bd3eea19e54971c995e95a7bcab 100644 (file)
--- a/src/openssl/crypto.c
+++ b/src/openssl/crypto.c
@@ -50,10 +50,10 @@ void randomize(void *vout, size_t outlen) {
        char *out = vout;
 
        while(outlen) {
-               size_t len = read(random_fd, out, outlen);
+               ssize_t len = read(random_fd, out, outlen);
 
                if(len <= 0) {
-                       if(errno == EAGAIN || errno == EINTR) {
+                       if(len == -1 && (errno == EAGAIN || errno == EINTR)) {
                                continue;
                        }