From owner-freebsd-bugs@FreeBSD.ORG Thu Sep 4 15:23:47 2003 Return-Path: Delivered-To: freebsd-bugs@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3A17C16A4BF for ; Thu, 4 Sep 2003 15:23:47 -0700 (PDT) Received: from mail.stop1984.com (stop1984.com [217.172.182.26]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5048F43FE9 for ; Thu, 4 Sep 2003 15:23:46 -0700 (PDT) (envelope-from pullmoll@stop1984.com) Received: from baffled.dyndns.org (p50857B9E.dip.t-dialin.net [80.133.123.158]) by mail.stop1984.com (Postfix) with ESMTP id 727732941A0 for ; Fri, 5 Sep 2003 00:25:59 +0200 (CEST) From: Juergen Buchmueller Organization: STOP1984 To: freebsd-bugs@FreeBSD.ORG Date: Fri, 5 Sep 2003 00:22:23 +0200 User-Agent: KMail/1.5.3 MIME-Version: 1.0 Content-Type: Text/Plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Content-Description: clearsigned data Content-Disposition: inline Message-Id: <200309050022.46676.pullmoll@stop1984.com> Subject: minor flaws X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: pullmoll@stop1984.com List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 04 Sep 2003 22:23:47 -0000 =2D----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I sent these to the maintainers of the respective source (obriend and phk)= =20 some days ago. I think my mails were hidden by some noise. The first flaw was imported from OpenBSD and is confirmed and fixed there. = The=20 second is a FBSD only source. *** sys/crypt/sha2/sha2.c Replace all 6 occurences of bzero(context, sizeof(context)); with bzero(context, sizeof(*context)); As it is now, you're zapping only the first 4 bytes of context, i.e.=20 sizeof(pointer), not the entire context. *** sys/dev/random/randomdev.c in the function random_write_internal(void *buf, int count); I think there's a leak, where parts of the "void *buf" would be inserted in= to=20 the entropy harvest list. The leaking would happen whenever "int count" was= =20 less than HARVESTSIZE. In this case the first loop would still put a chunk = of=20 HARVESTSIZE bytes into the list... reading beyond what it was told to do. To make the code much simpler I'd suggest to write it like this: static void random_write_internal(void *buf, int count) { int i; /* Break the input up into HARVESTSIZE chunks. * The writer has too much control here, so "estimate" the * the entropy as zero. */ for (i =3D 0; i < count; i +=3D HARVESTSIZE) { u_int chunk =3D HARVESTSIZE; if (i + chunk >=3D count) chunk =3D (u_int)(count - i); random_harvest_internal(get_cyclecount(), (char *)buf + i, chunk, 0, 0, RANDOM_WRITE); } } I'm not sure if "buf" can contain anything else but zeroes beyond "count", = so=20 changing the code might not be too important. You decide :) HTH Ciao, Juergen =2D----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (FreeBSD) iD8DBQE/V7slpazEcUzoV+ARAuXNAJ4xc1HltrvdiYNGgFILZoro6f1fNACfRxG/ IAES9wqQGPKm1FwCO+H5rR8=3D =3D+c24 =2D----END PGP SIGNATURE-----