Date:      Fri, 5 Sep 2003 00:22:23 +0200
From:      Juergen Buchmueller <pullmoll@stop1984.com>
To:        freebsd-bugs@FreeBSD.ORG
Subject:   minor flaws
Message-ID:  <200309050022.46676.pullmoll@stop1984.com>


I sent these to the maintainers of the respective source (obriend and phk)
some days ago. I think my mails were hidden by some noise.

The first flaw was imported from OpenBSD and is confirmed and fixed there.
The second is a FBSD only source.

*** sys/crypt/sha2/sha2.c
Replace all 6 occurrences of
	bzero(context, sizeof(context));
with
	bzero(context, sizeof(*context));
As it is now, you're zapping only the first 4 bytes of context, i.e.
sizeof(pointer), not the entire context.

*** sys/dev/random/randomdev.c
in the function random_write_internal(void *buf, int count);

I think there's a leak, where parts of the "void *buf" would be inserted into
the entropy harvest list. The leaking would happen whenever "int count" was
less than HARVESTSIZE. In this case the first loop would still put a chunk of
HARVESTSIZE bytes into the list... reading beyond what it was told to do.

To make the code much simpler I'd suggest to write it like this:

static void
random_write_internal(void *buf, int count)
{
    int i;

    /* Break the input up into HARVESTSIZE chunks.
     * The writer has too much control here, so "estimate" the
     * entropy as zero.
     */
    for (i = 0; i < count; i += HARVESTSIZE) {
        u_int chunk = HARVESTSIZE;
        if (i + chunk >= count)
            chunk = (u_int)(count - i);
        random_harvest_internal(get_cyclecount(), (char *)buf + i,
            chunk, 0, 0, RANDOM_WRITE);
    }
}

I'm not sure if "buf" can contain anything else but zeroes beyond "count", so
changing the code might not be too important. You decide :)

HTH
Ciao,
Juergen
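
Both flaws described in the message above, as an added user-space example that is not part of the original e-mail or of the FreeBSD sources. `struct demo_ctx`, `harvest_stub()` and the `HARVESTSIZE` value of 16 are assumptions, and the unclamped loop is a simplified model of the behaviour the message describes rather than the original kernel code.

```c
#include <stdio.h>
#include <string.h>

#define HARVESTSIZE 16   /* assumed chunk size for this demo */

/* Hypothetical stand-in for a hash context, not the kernel's SHA2 struct. */
struct demo_ctx { unsigned char state[64]; };

/* Wipe a context; fixed=0 uses the sizeof(context) form. Returns bytes left. */
size_t residue_after_wipe(int fixed)
{
    struct demo_ctx c, *context = &c;
    size_t i, left = 0;
    size_t n = fixed ? sizeof(*context) : sizeof(context);
    memset(context, 0xAA, sizeof(*context));  /* constructed "secret" state */
    memset(context, 0, n);
    for (i = 0; i < sizeof(*context); i++)
        left += (context->state[i] != 0);
    return left;
}

static size_t max_end;   /* highest buffer offset any chunk covered */

/* Stub in place of random_harvest_internal(): records the span, reads nothing. */
static void harvest_stub(size_t off, size_t len)
{
    if (off + len > max_end)
        max_end = off + len;
}

/* Chunk a write of count bytes; clamp=1 is the loop proposed in the message. */
size_t bytes_touched(int count, int clamp)
{
    int i;
    max_end = 0;
    for (i = 0; i < count; i += HARVESTSIZE) {
        size_t chunk = HARVESTSIZE;
        if (clamp && i + HARVESTSIZE >= count)
            chunk = (size_t)(count - i);
        harvest_stub((size_t)i, chunk);
    }
    return max_end;
}

int main(void)
{
    printf("residue %zu vs %zu, touched %zu vs %zu\n", residue_after_wipe(0),
        residue_after_wipe(1), bytes_touched(5, 0), bytes_touched(5, 1));
    return 0;
}
```

The residue of the pointer-sized wipe depends on the platform: 60 bytes where pointers are 4 bytes, as in the message, and 56 where they are 8.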