From 5a217bb2e7348a1bcc6cae47a09674b843fa038a Mon Sep 17 00:00:00 2001 From: James Jones Date: Mon, 16 Sep 2024 09:28:24 -0500 Subject: [PATCH] Handle edge case in fr_rand_init() and, we suspect, oveflow (CID #1604611) To handle the rare case of not filling fr_rand_pool.randrsl in a single read, adjust the location passed to read() to skip what was read in a previous interation. This is done in a way consistent with the handling of this case in 3.x, which should also deal with the overflow_sink complaint from Coverity. --- src/lib/util/rand.c | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/src/lib/util/rand.c b/src/lib/util/rand.c index fbe9ecca743f..53d17290f509 100644 --- a/src/lib/util/rand.c +++ b/src/lib/util/rand.c @@ -34,6 +34,8 @@ static _Thread_local bool fr_rand_initialized = false; void fr_rand_init(void) { int fd; + uint8_t *p = (uint8_t *) &fr_rand_pool.randrsl[0]; + uint8_t *end = p + sizeof(fr_rand_pool.randrsl); if (fr_rand_initialized) return; @@ -42,15 +44,12 @@ void fr_rand_init(void) fd = open("/dev/urandom", O_RDONLY); if (fd >= 0) { - size_t total; - ssize_t this; - - total = 0; - while (total < sizeof(fr_rand_pool.randrsl)) { - this = read(fd, fr_rand_pool.randrsl, - sizeof(fr_rand_pool.randrsl) - total); - if ((this < 0) && (errno != EINTR)) break; - if (this > 0) total += this; + ssize_t rcode; + + while (p < end) { + rcode = read(fd, p, (size_t) (end - p)); + if ((rcode < 0) && (errno != EINTR)) break; + if (rcode > 0) p += rcode; } close(fd); } else {