edecca
From f341ec3a1077c2d876ece271e5f58aa8d3ef795a Mon Sep 17 00:00:00 2001
edecca
Message-Id: <f341ec3a1077c2d876ece271e5f58aa8d3ef795a@dist-git>
edecca
From: Michal Privoznik <mprivozn@redhat.com>
edecca
Date: Mon, 3 Dec 2018 08:46:18 -0500
edecca
Subject: [PATCH] util: Don't overflow in virRandomBits
edecca
MIME-Version: 1.0
edecca
Content-Type: text/plain; charset=UTF-8
edecca
Content-Transfer-Encoding: 8bit
edecca
edecca
https://bugzilla.redhat.com/show_bug.cgi?id=1655586 [RHEL8]
edecca
https://bugzilla.redhat.com/show_bug.cgi?id=1652894 [RHEL7]
edecca
edecca
The function is supposed to return up to 64bit long integer. In
edecca
order to do that it calls virRandomBytes() to fill the integer
edecca
with random bytes and then masks out everything but requested
edecca
bits. However, when doing that it shifts 1U and not 1ULL. So
edecca
effectively, requesting 32 random bis or more always return 0
edecca
which is not random enough.
edecca
edecca
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
edecca
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
edecca
Reviewed-by: Pino Toscano <ptoscano@redhat.com>
edecca
(cherry picked from commit 78c47a92ecb450c9f8bcabd35da7006dc2547882)
edecca
Signed-off-by: John Ferlan <jferlan@redhat.com>
edecca
---
edecca
 src/util/virrandom.c | 2 +-
edecca
 1 file changed, 1 insertion(+), 1 deletion(-)
edecca
edecca
diff --git a/src/util/virrandom.c b/src/util/virrandom.c
edecca
index 01cc82a052..3c011a8615 100644
edecca
--- a/src/util/virrandom.c
edecca
+++ b/src/util/virrandom.c
edecca
@@ -68,7 +68,7 @@ uint64_t virRandomBits(int nbits)
edecca
         return 0;
edecca
     }
edecca
 
edecca
-    ret &= (1U << nbits) - 1;
edecca
+    ret &= (1ULL << nbits) - 1;
edecca
     return ret;
edecca
 }
edecca
 
edecca
-- 
edecca
2.20.1
edecca