From: Guus Sliepen Date: Mon, 21 Sep 2020 21:22:18 +0000 (+0200) Subject: Fix segfault when failing to read random numbers. X-Git-Tag: release-1.1pre18~19 X-Git-Url: https://tinc-vpn.org/git/browse?p=tinc;a=commitdiff_plain;h=3ee0d5dddb56a13b8f3c50637e3cd075c701c9aa;ds=sidebyside Fix segfault when failing to read random numbers. Because the result of read() was incorrectly stored in an unsigned variable, an error reading from the random number generator device would result in an infinite loop that would start writing out of bounds and eventually corrupt the stack.
---
diff --git a/src/nolegacy/crypto.c b/src/nolegacy/crypto.c
index b013f1f9..d6e2ce13 100644
--- a/src/nolegacy/crypto.c
+++ b/src/nolegacy/crypto.c
@@ -46,10 +46,10 @@ void randomize(void *vout, size_t outlen) {
 char *out = vout;
 while(outlen) {
- size_t len = read(random_fd, out, outlen);
+ ssize_t len = read(random_fd, out, outlen);
 if(len <= 0) {
- if(errno == EAGAIN || errno == EINTR) {
+ if(len == -1 && (errno == EAGAIN || errno == EINTR)) {
 continue;
 }
diff --git a/src/openssl/crypto.c b/src/openssl/crypto.c
index e594e73a..072bf7ab 100644
--- a/src/openssl/crypto.c
+++ b/src/openssl/crypto.c
@@ -50,10 +50,10 @@ void randomize(void *vout, size_t outlen) {
 char *out = vout;
 while(outlen) {
- size_t len = read(random_fd, out, outlen);
+ ssize_t len = read(random_fd, out, outlen);
 if(len <= 0) {
- if(errno == EAGAIN || errno == EINTR) {
+ if(len == -1 && (errno == EAGAIN || errno == EINTR)) {
 continue;
 }
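Review bot: In the `if(len <= 0)` block of `randomize()` in src/nolegacy/crypto.c, a zero-byte read (end of file on `random_fd`) now skips the retry as intended, but it reaches the failure handling below the hunk with `errno` holding a stale value, because `read()` sets `errno` only when it returns -1. If that path prints `strerror(errno)`, the message for an EOF will be misleading. I would give `len == 0` its own message and add a comment above the retry test such as `/* len == 0 means EOF on random_fd; errno is stale in that case */`. Since `randomize()` returns `void`, the failure path must also terminate rather than return, or callers would use a partly filled buffer as random key material; the rest of the loop body is outside the hunk, so this could not be checked here. The same points apply to the identical hunk in src/openssl/crypto.c.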