From 3ee0d5dddb56a13b8f3c50637e3cd075c701c9aa Mon Sep 17 00:00:00 2001
From: Guus Sliepen
Date: Mon, 21 Sep 2020 23:22:18 +0200
Subject: [PATCH] Fix segfault when failing to read random numbers.

Because the result of read() was incorrectly stored in an unsigned variable, an error reading from the random number generator device would result in an infinite loop that would start writing out of bounds and eventually corrupt the stack.
---
 src/nolegacy/crypto.c | 4 ++--
 src/openssl/crypto.c | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/nolegacy/crypto.c b/src/nolegacy/crypto.c
index b013f1f9..d6e2ce13 100644
--- a/src/nolegacy/crypto.c
+++ b/src/nolegacy/crypto.c
@@ -46,10 +46,10 @@ void randomize(void *vout, size_t outlen) {
 char *out = vout;
 while(outlen) {
- size_t len = read(random_fd, out, outlen);
+ ssize_t len = read(random_fd, out, outlen);
 if(len <= 0) {
- if(errno == EAGAIN || errno == EINTR) {
+ if(len == -1 && (errno == EAGAIN || errno == EINTR)) {
 continue;
 }
diff --git a/src/openssl/crypto.c b/src/openssl/crypto.c
index e594e73a..072bf7ab 100644
--- a/src/openssl/crypto.c
+++ b/src/openssl/crypto.c
@@ -50,10 +50,10 @@ void randomize(void *vout, size_t outlen) {
 char *out = vout;
 while(outlen) {
- size_t len = read(random_fd, out, outlen);
+ ssize_t len = read(random_fd, out, outlen);
 if(len <= 0) {
- if(errno == EAGAIN || errno == EINTR) {
+ if(len == -1 && (errno == EAGAIN || errno == EINTR)) {
 continue;
 }
-- 
2.20.1
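Review bot: When read() returns 0 (end of file), the new `len == -1 &&` guard skips the retry, but read() does not set errno in that case, so anything the failure path after the `continue` block reports from errno would be stale; this applies to both copies of randomize(), in src/nolegacy/crypto.c and src/openssl/crypto.c. The rest of the loop body lies outside these hunks, so this is inferred: if it prints `strerror(errno)`, give end-of-file its own branch and message, e.g. `if(len == 0) { /* EOF on random device: errno is not meaningful here */ }`. Because randomize() returns void, callers cannot observe a failure, so that path has to terminate rather than return with `out` only partially filled. A short comment on the declaration, `/* signed: read() returns -1 on error */`, would also keep the type from being changed back to size_t.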