X-Git-Url: https://git.distorted.org.uk/~mdw/secnet/blobdiff_plain/1caa23ff879cec7f8f36b32a987f0610291ef177..refs/heads/master:/random.c
diff --git a/random.c b/random.c
index 39a9cb0..323fffd 100644
--- a/random.c
+++ b/random.c
@@ -1,3 +1,22 @@
+/*
+ * This file is part of secnet.
+ * See README for full list of copyright holders.
+ *
+ * secnet is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * secnet is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * version 3 along with secnet; if not, see
+ * https://www.gnu.org/licenses/gpl.html.
+ */
+
 #include "secnet.h"
 #include
 #include
@@ -14,7 +33,7 @@ struct rgen_data {
 };
 static random_fn random_generate;
-static bool_t random_generate(void *data, int32_t bytes, uint8_t *buff)
+static void random_generate(void *data, int32_t bytes, uint8_t *buff)
 {
 struct rgen_data *st=data;
 int r;
@@ -22,26 +41,10 @@ static bool_t random_generate(void *data, int32_t bytes, uint8_t *buff)
 r= read(st->fd,buff,bytes);
 assert(r == bytes);
- /* This is totally crap error checking, but AFAICT many callers of
- * this function do not check the return value. This is a minimal
- * change to make the code not fail silently-but-insecurely.
- *
- * A proper fix requires either:
- * - Declare all random number generation failures as fatal
- * errors, and make this return void, and fix all callers,
- * and make this call some appropriate function if it fails.
- * - Make this have proper error checking (and reporting!)
- * and make all callers check the error (and report!);
- * this will be tricky, I think, because you have to report
- * the errno somewhere.
- *
- * There's also the issue that this is only one possible
- * implementation of a random number source; others may not rely
- * on reading from a file descriptor, and may not produce
- * appropriate settings of errno.
+ /* This is totally crap error checking, but callers of
+ * this function do not check the return value and dealing
+ * with failure of this everywhere would be very inconvenient.
 */
-
- return True;
 }
 static list_t *random_apply(closure_t *self, struct cloc loc,
@@ -51,7 +54,7 @@ static list_t *random_apply(closure_t *self, struct cloc loc,
 item_t *arg1, *arg2;
 string_t filename=NULL;
- st=safe_malloc(sizeof(*st),"random_apply");
+ NEW(st);
 st->cl.description="randomsource";
 st->cl.type=CL_RANDOMSRC;
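Review bot: In random_generate (the `@@ -22,26 +41,10 @@` hunk), `assert(r == bytes)` is now the only guard between a failed or short `read()` and callers consuming an unfilled buffer as random data, because the `@@ -14,7 +33,7 @@` hunk makes the function return void. If a build defines NDEBUG the assert is compiled out and the failure becomes silent. Even with it enabled, a short read or EINTR, both of which read() may legitimately produce, aborts the daemon instead of being retried. I would read in a loop until `bytes` have arrived and make failure explicitly fatal, which is the first option the removed comment itself listed. The sketch assumes secnet's `fatal`/`fatal_perror` helpers and `<errno.h>` are available in this file, and the function's opening lines sit in the previous hunk.

```c
    /* … unchanged: struct rgen_data *st=data; … */
    uint8_t *p=buff;
    int32_t left=bytes;

    while (left > 0) {
        ssize_t got=read(st->fd,p,left);
        if (got < 0) {
            if (errno == EINTR) continue;   /* interrupted: retry */
            fatal_perror("random_generate: read");
        }
        if (got == 0)
            fatal("random_generate: unexpected EOF on random source");
        p+=got;      /* short read: keep filling the rest */
        left-=got;
    }
```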