[secnet] / random.c

#include "secnet.h"
#include <stdio.h>
#include <fcntl.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>
#include <assert.h>

struct rgen_data {
    closure_t cl;
    struct random_if ops;
    struct cloc loc;
    int fd;
};

static random_fn random_generate;
static bool_t random_generate(void *data, int32_t bytes, uint8_t *buff)
{
    struct rgen_data *st=data;
    int r;

    r= read(st->fd,buff,bytes);

    assert(r == bytes);
    /* This is totally crap error checking, but AFAICT many callers of
     * this function do not check the return value.  This is a minimal
     * change to make the code not fail silently-but-insecurely.
     *
     * A proper fix requires either:
     *  - Declare all random number generation failures as fatal
     *    errors, and make this return void, and fix all callers,
     *    and make this call some appropriate function if it fails.
     *  - Make this have proper error checking (and reporting!)
     *    and make all callers check the error (and report!);
     *    this will be tricky, I think, because you have to report
     *    the errno somewhere.
     *
     * There's also the issue that this is only one possible
     * implementation of a random number source; others may not rely
     * on reading from a file descriptor, and may not produce
     * appropriate settings of errno.
     */

    return True;
}

static list_t *random_apply(closure_t *self, struct cloc loc,
			    dict_t *context, list_t *args)
{
    struct rgen_data *st;
    item_t *arg1, *arg2;
    string_t filename=NULL;

    st=safe_malloc(sizeof(*st),"random_apply");

    st->cl.description="randomsource";
    st->cl.type=CL_RANDOMSRC;
    st->cl.apply=NULL;
    st->cl.interface=&st->ops;
    st->ops.st=st;
    st->ops.blocking=False;
    st->ops.generate=random_generate;
    st->loc=loc;

    arg1=list_elem(args,0);
    arg2=list_elem(args,1);

    if (!arg1) {
	cfgfatal(loc,"randomsource","requires a filename\n");
    }
    if (arg1->type != t_string) {
	cfgfatal(arg1->loc,"randomsource",
		 "filename (arg1) must be a string\n");
    }
    filename=arg1->data.string;

    if (arg2) {
	if (arg2->type != t_bool) {
	    cfgfatal(arg2->loc,"randomsource",
		     "blocking parameter (arg2) must be bool\n");
	}
	st->ops.blocking=arg2->data.bool;
    }

    if (!filename) {
	cfgfatal(loc,"randomsource","requires a filename\n");
    }
    st->fd=open(filename,O_RDONLY);
    if (st->fd<0) {
	fatal_perror("randomsource (%s:%d): cannot open %s",arg1->loc.file,
		     arg1->loc.line,filename);
    }
    return new_closure(&st->cl);
}

void random_module(dict_t *d)
{
    add_closure(d,"randomfile",random_apply);
}
Commit	Line	Data
8689b3a9	1	#include "secnet.h"
2fe58dfd SE	2	#include <stdio.h>
	3	#include <fcntl.h>
	4	#include <string.h>
2fe58dfd SE	5	#include <sys/stat.h>
2fe58dfd SE	6	#include <unistd.h>
4f5e39ec	7	#include <assert.h>
2fe58dfd	8
2fe58dfd SE	9	struct rgen_data {
	10	closure_t cl;
	11	struct random_if ops;
	12	struct cloc loc;
	13	int fd;
	14	};
	15
	16	static random_fn random_generate;
1caa23ff	17	static bool_t random_generate(void data, int32_t bytes, uint8_t buff)
2fe58dfd SE	18	{
2fe58dfd SE	19	struct rgen_data *st=data;
4f5e39ec	20	int r;
2fe58dfd	21
4f5e39ec SE	22	r= read(st->fd,buff,bytes);
	23
	24	assert(r == bytes);
	25	/* This is totally crap error checking, but AFAICT many callers of
	26	* this function do not check the return value. This is a minimal
	27	* change to make the code not fail silently-but-insecurely.
	28	*
	29	* A proper fix requires either:
	30	* - Declare all random number generation failures as fatal
	31	* errors, and make this return void, and fix all callers,
	32	* and make this call some appropriate function if it fails.
	33	* - Make this have proper error checking (and reporting!)
	34	* and make all callers check the error (and report!);
	35	* this will be tricky, I think, because you have to report
	36	* the errno somewhere.
	37	*
	38	* There's also the issue that this is only one possible
	39	* implementation of a random number source; others may not rely
	40	* on reading from a file descriptor, and may not produce
	41	* appropriate settings of errno.
	42	*/
2fe58dfd SE	43
	44	return True;
	45	}
	46
	47	static list_t random_apply(closure_t self, struct cloc loc,
	48	dict_t context, list_t args)
	49	{
	50	struct rgen_data *st;
	51	item_t arg1, arg2;
	52	string_t filename=NULL;
	53
	54	st=safe_malloc(sizeof(*st),"random_apply");
	55
	56	st->cl.description="randomsource";
	57	st->cl.type=CL_RANDOMSRC;
	58	st->cl.apply=NULL;
	59	st->cl.interface=&st->ops;
	60	st->ops.st=st;
	61	st->ops.blocking=False;
	62	st->ops.generate=random_generate;
	63	st->loc=loc;
	64
	65	arg1=list_elem(args,0);
	66	arg2=list_elem(args,1);
	67
	68	if (!arg1) {
4f5e39ec	69	cfgfatal(loc,"randomsource","requires a filename\n");
2fe58dfd SE	70	}
	71	if (arg1->type != t_string) {
	72	cfgfatal(arg1->loc,"randomsource",
	73	"filename (arg1) must be a string\n");
	74	}
	75	filename=arg1->data.string;
	76
	77	if (arg2) {
	78	if (arg2->type != t_bool) {
	79	cfgfatal(arg2->loc,"randomsource",
	80	"blocking parameter (arg2) must be bool\n");
	81	}
	82	st->ops.blocking=arg2->data.bool;
	83	}
	84
	85	if (!filename) {
4f5e39ec	86	cfgfatal(loc,"randomsource","requires a filename\n");
2fe58dfd SE	87	}
	88	st->fd=open(filename,O_RDONLY);
	89	if (st->fd<0) {
	90	fatal_perror("randomsource (%s:%d): cannot open %s",arg1->loc.file,
	91	arg1->loc.line,filename);
	92	}
	93	return new_closure(&st->cl);
	94	}
	95
	96	void random_module(dict_t *d)
	97	{
	98	add_closure(d,"randomfile",random_apply);
	99	}