From: Ed Maste
Date: Wed, 5 Oct 2016 17:03:22 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r306708 - head/lib/libc/stdlib

Author: emaste
Date: Wed Oct 5 17:03:22 2016
New Revision: 306708
URL: https://svnweb.freebsd.org/changeset/base/306708

Log:
  abort in srandomdev if kern.arandom sysctl fails

  The sysctl cannot fail. If it does fail on some FreeBSD derivative or
  after some future change, just abort() so that the problem will be found
  and fixed. While abort() is not normally suitable for a library, it makes
  sense here.

  This is akin to r306636 for arc4random.

  Reviewed by: ed
  MFC after: 2 weeks
  Sponsored by: The FreeBSD Foundation
  Differential Revision: https://reviews.freebsd.org/D8077

Modified:
  head/lib/libc/stdlib/random.c

Modified: head/lib/libc/stdlib/random.c
============================================================================== --- head/lib/libc/stdlib/random.c Wed Oct 5 16:23:02 2016 (r306707) +++ head/lib/libc/stdlib/random.c Wed Oct 5 17:03:22 2016 (r306708) @@ -270,16 +270,17 @@ void srandomdev(void) { int mib[2]; - size_t len; + size_t expected, len; if (rand_type == TYPE_0) - len = sizeof(state[0]); + expected = len = sizeof(state[0]); else - len = rand_deg * sizeof(state[0]); + expected = len = rand_deg * sizeof(state[0]); mib[0] = CTL_KERN; mib[1] = KERN_ARND; - sysctl(mib, 2, state, &len, NULL, 0); + if (sysctl(mib, 2, state, &len, NULL, 0) == -1 || len != expected) + abort(); if (rand_type != TYPE_0) { fptr = &state[rand_sep];
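Review bot: the new abort() after the sysctl() call in srandomdev() carries no comment, so the reasoning for terminating the process from inside libc (the kern.arandom sysctl is not expected to fail, and a failure or short read should be loud rather than leave state unseeded) exists only in the commit log. A short comment above `if (sysctl(mib, 2, state, &len, NULL, 0) == -1 || len != expected)` would keep a later reader from turning the abort into a silent fallback. The commit modifies only random.c, so if the manual page for srandomdev() describes its failure behaviour, it should be updated in the same change to say the function can abort. The `len != expected` comparison is worth keeping exactly as written, since it catches a short read that the return value alone would not.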