Date: Fri, 13 Dec 2019 04:55:17 +0000 (UTC) From: Conrad Meyer <cem@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r355695 - head/lib/libradius Message-ID: <201912130455.xBD4tH4X041644@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: cem Date: Fri Dec 13 04:55:17 2019 New Revision: 355695 URL: https://svnweb.freebsd.org/changeset/base/355695 Log: libradius: Rip out dubious use of srandomdev(3)+random(3) These functions appear to intend to produce unpredictable results. Just use arc4random. While here, use an explicit_bzero instead of memset where the intent is clearly to zero out a secret (clear_passphrase). Modified: head/lib/libradius/radlib.c Modified: head/lib/libradius/radlib.c ============================================================================== --- head/lib/libradius/radlib.c Fri Dec 13 04:48:20 2019 (r355694) +++ head/lib/libradius/radlib.c Fri Dec 13 04:55:17 2019 (r355695) @@ -79,7 +79,7 @@ static void clear_password(struct rad_handle *h) { if (h->pass_len != 0) { - memset(h->pass, 0, h->pass_len); + explicit_bzero(h->pass, h->pass_len); h->pass_len = 0; } h->pass_pos = 0; @@ -852,8 +852,8 @@ rad_create_request(struct rad_handle *h, int code) if (code == RAD_ACCESS_REQUEST) { /* Create a random authenticator */ for (i = 0; i < LEN_AUTH; i += 2) { - long r; - r = random(); + uint32_t r; + r = arc4random(); h->out[POS_AUTH+i] = (u_char)r; h->out[POS_AUTH+i+1] = (u_char)(r >> 8); } @@ -1051,10 +1051,9 @@ rad_auth_open(void) h = (struct rad_handle *)malloc(sizeof(struct rad_handle)); if (h != NULL) { - srandomdev(); h->fd = -1; h->num_servers = 0; - h->ident = random(); + h->ident = arc4random(); h->errmsg[0] = '\0'; memset(h->pass, 0, sizeof h->pass); h->pass_len = 0;
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201912130455.xBD4tH4X041644>