From: Guus Sliepen Date: Mon, 21 Sep 2020 21:22:18 +0000 (+0200) Subject: Fix segfault when failing to read random numbers. X-Git-Tag: release-1.1pre18~19 X-Git-Url: https://tinc-vpn.org/git/browse?a=commitdiff_plain;h=3ee0d5dddb56a13b8f3c50637e3cd075c701c9aa;p=tinc Fix segfault when failing to read random numbers. Because the result of read() was incorrectly stored in an unsigned variable, an error reading from the random number generator device would result in an infinite loop that would start writing out of bounds and eventually corrupt the stack. --- diff --git a/src/nolegacy/crypto.c b/src/nolegacy/crypto.c index b013f1f9..d6e2ce13 100644 --- a/src/nolegacy/crypto.c +++ b/src/nolegacy/crypto.c @@ -46,10 +46,10 @@ void randomize(void *vout, size_t outlen) { char *out = vout; while(outlen) { - size_t len = read(random_fd, out, outlen); + ssize_t len = read(random_fd, out, outlen); if(len <= 0) { - if(errno == EAGAIN || errno == EINTR) { + if(len == -1 && (errno == EAGAIN || errno == EINTR)) { continue; } diff --git a/src/openssl/crypto.c b/src/openssl/crypto.c index e594e73a..072bf7ab 100644 --- a/src/openssl/crypto.c +++ b/src/openssl/crypto.c @@ -50,10 +50,10 @@ void randomize(void *vout, size_t outlen) { char *out = vout; while(outlen) { - size_t len = read(random_fd, out, outlen); + ssize_t len = read(random_fd, out, outlen); if(len <= 0) { - if(errno == EAGAIN || errno == EINTR) { + if(len == -1 && (errno == EAGAIN || errno == EINTR)) { continue; }