rpms / sssd

Clone
Source Code
GIT

Blame SOURCES/0109-UTIL-Use-sss_atomic_read_s-in-generate_csprng_buffer.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s c9 c9-beta
  1.   b2d4308a8adc2267c8080d4de4152b068f20ec5f
  2.   SOURCES
  3.   0109-UTIL-Use-sss_atomic_read_s-in-generate_csprng_buffer.patch
Blob History Raw
b2d430 
From 60596973b503637c742b597aeb862eecae9f9c91 Mon Sep 17 00:00:00 2001
b2d430 
From: Jakub Hrozek <jhrozek@redhat.com>
b2d430 
Date: Mon, 8 Aug 2016 14:07:04 +0200
b2d430 
Subject: [PATCH 109/111] UTIL: Use sss_atomic_read_s in generate_csprng_buffer
b2d430 
MIME-Version: 1.0
b2d430 
Content-Type: text/plain; charset=UTF-8
b2d430 
Content-Transfer-Encoding: 8bit
b2d430
b2d430 
There was a bug in generate_csprng_buffer() where if we read the exact
b2d430 
amount of bytes from /dev/urandom, we would always return EIO. Instead,
b2d430 
let's reuse the existing code from sss_atomic_read_s() which fixes this
b2d430 
bug and reduces code duplication.
b2d430
b2d430 
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
b2d430 
Reviewed-by: Fabiano Fidêncio <fabiano@fidencio.org>
b2d430 
---
b2d430 
 Makefile.am                  |  2 ++
b2d430 
 src/util/crypto/sss_crypto.c | 29 +++++------------------------
b2d430 
 2 files changed, 7 insertions(+), 24 deletions(-)
b2d430
b2d430 
diff --git a/Makefile.am b/Makefile.am
b2d430 
index 4d90c7a46e2ee0fe652aa392cf647d056e06c7fc..a32a1e37c85e2370fa006ee73b730145f03c3fc1 100644
b2d430 
--- a/Makefile.am
b2d430 
+++ b/Makefile.am
b2d430 
@@ -815,6 +815,7 @@ if HAVE_NSS
b2d430 
                         src/util/crypto/nss/nss_nite.c \
b2d430 
                         src/util/crypto/nss/nss_util.c \
b2d430 
 			src/util/crypto/sss_crypto.c \
b2d430 
+			src/util/atomic_io.c \
b2d430 
 			$(NULL)
b2d430 
     SSS_CRYPT_CFLAGS = $(NSS_CFLAGS)
b2d430 
     SSS_CRYPT_LIBS = $(NSS_LIBS)
b2d430 
@@ -836,6 +837,7 @@ else
b2d430 
                         src/util/crypto/libcrypto/crypto_obfuscate.c \
b2d430 
                         src/util/crypto/libcrypto/crypto_nite.c \
b2d430 
 			src/util/crypto/sss_crypto.c \
b2d430 
+			src/util/atomic_io.c \
b2d430 
 			$(NULL)
b2d430 
     SSS_CRYPT_CFLAGS = $(CRYPTO_CFLAGS)
b2d430 
     SSS_CRYPT_LIBS = $(CRYPTO_LIBS)
b2d430 
diff --git a/src/util/crypto/sss_crypto.c b/src/util/crypto/sss_crypto.c
b2d430 
index 4c775f3d926ae32f3cb72b1329c0a025a0550ed5..ac90bac07c7006a2950331b86bcc412207a3e401 100644
b2d430 
--- a/src/util/crypto/sss_crypto.c
b2d430 
+++ b/src/util/crypto/sss_crypto.c
b2d430 
@@ -25,41 +25,22 @@
b2d430 
 int generate_csprng_buffer(uint8_t *buf, size_t size)
b2d430 
 {
b2d430 
     ssize_t rsize;
b2d430 
-    ssize_t pos;
b2d430 
     int ret;
b2d430 
     int fd;
b2d430
b2d430 
     fd = open("/dev/urandom", O_RDONLY);
b2d430 
     if (fd == -1) return errno;
b2d430
b2d430 
-    rsize = 0;
b2d430 
-    pos = 0;
b2d430 
-    while (rsize < size) {
b2d430 
-        rsize = read(fd, buf + pos, size - pos);
b2d430 
-        switch (rsize) {
b2d430 
-        case -1:
b2d430 
-            if (errno == EINTR) continue;
b2d430 
-            ret = EIO;
b2d430 
-            goto done;
b2d430 
-        case 0:
b2d430 
-            ret = EIO;
b2d430 
-            goto done;
b2d430 
-        default:
b2d430 
-            if (rsize + pos < size - pos) {
b2d430 
-                pos += rsize;
b2d430 
-                continue;
b2d430 
-            }
b2d430 
-            ret = EIO;
b2d430 
-            goto done;
b2d430 
-        }
b2d430 
-    }
b2d430 
-    if (rsize != size) {
b2d430 
+    rsize = sss_atomic_read_s(fd, buf, size);
b2d430 
+    if (rsize == -1) {
b2d430 
+        ret = errno;
b2d430 
+        goto done;
b2d430 
+    } else if (rsize != size) {
b2d430 
         ret = EFAULT;
b2d430 
         goto done;
b2d430 
     }
b2d430
b2d430 
     ret = EOK;
b2d430 
-
b2d430 
 done:
b2d430 
     close(fd);
b2d430 
     return ret;
b2d430 
--
b2d430 
2.4.11
b2d430

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation