svn commit: r278950 - head/sys/dev/random
Xin LI
delphij at FreeBSD.org
Wed Feb 18 08:21:53 UTC 2015
Author: delphij
Date: Wed Feb 18 08:21:51 2015
New Revision: 278950
URL: https://svnweb.freebsd.org/changeset/base/278950
Log:
- fortuna.c: catch up with r278927 and fix a buffer overflow by using the
temporary buffer when remaining space is not enough to hold
a whole block.
- yarrow.c: add a comment that we intend to change the code and remove
memcpy's in the future. (*)
Requested by: markm (*)
Reviewed by: markm
Approved by: so (self)
Modified:
head/sys/dev/random/fortuna.c
head/sys/dev/random/yarrow.c
Modified: head/sys/dev/random/fortuna.c
==============================================================================
--- head/sys/dev/random/fortuna.c Wed Feb 18 08:10:13 2015 (r278949)
+++ head/sys/dev/random/fortuna.c Wed Feb 18 08:21:51 2015 (r278950)
@@ -298,8 +298,13 @@ random_fortuna_genrandom(uint8_t *buf, u
KASSERT((bytecount <= (1 << 20)), ("invalid single read request to fortuna of %d bytes", bytecount));
/* F&S - r = first-n-bytes(GenerateBlocks(ceil(n/16))) */
- blockcount = (bytecount + BLOCKSIZE - 1)/BLOCKSIZE;
+ blockcount = bytecount / BLOCKSIZE;
random_fortuna_genblocks(buf, blockcount);
+ /* TODO: FIX! remove memcpy()! */
+ if (bytecount % BLOCKSIZE > 0) {
+ random_fortuna_genblocks(temp, 1);
+ memcpy(buf + (blockcount * BLOCKSIZE), temp, bytecount % BLOCKSIZE);
+ }
/* F&S - K = GenerateBlocks(2) */
random_fortuna_genblocks(temp, KEYSIZE/BLOCKSIZE);
Modified: head/sys/dev/random/yarrow.c
==============================================================================
--- head/sys/dev/random/yarrow.c Wed Feb 18 08:10:13 2015 (r278949)
+++ head/sys/dev/random/yarrow.c Wed Feb 18 08:21:51 2015 (r278950)
@@ -450,6 +450,7 @@ random_yarrow_read(uint8_t *buf, u_int b
}
uint128_increment(&yarrow_state.counter.whole);
if ((i + 1) * BLOCKSIZE > bytecount) {
+ /* TODO: FIX! remove memcpy()! */
randomdev_encrypt(&yarrow_state.key,
yarrow_state.counter.byte, tbuf, BLOCKSIZE);
memcpy(buf, tbuf, bytecount - i * BLOCKSIZE);
More information about the svn-src-all
mailing list