X-Git-Url: https://git.distorted.org.uk/~mdw/secnet/blobdiff_plain/8689b3a94c043f04e334a7b181a7250ad5940616..86420bb75f19f628ffd2d8ff9964e59ed99e3187:/random.c
diff --git a/random.c b/random.c
index c481527..2680827 100644
--- a/random.c
+++ b/random.c
@@ -1,4 +1,20 @@
-/* $Log$
+/*
+ * This file is part of secnet.
+ * See README for full list of copyright holders.
+ *
+ * secnet is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version d of the License, or
+ * (at your option) any later version.
+ *
+ * secnet is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * version 3 along with secnet; if not, see
+ * https://www.gnu.org/licenses/gpl.html.
  */
 
 #include "secnet.h"
@@ -7,6 +23,7 @@
 #include
 #include
 #include
+#include
 
 struct rgen_data {
     closure_t cl;
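Review bot: The new header's seventh line reads `either version d of the License, or`, which is not a GPL version number; the closing paragraph of the same header names `version 3`, so the line should presumably read `* the Free Software Foundation; either version 3 of the License, or`. The `#include` added in the following hunk has lost its target in this rendering, so which header it pulls in cannot be checked here.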
@@ -16,12 +33,32 @@ struct rgen_data {
 };
 
 static random_fn random_generate;
-static bool_t random_generate(void *data, uint32_t bytes, uint8_t *buff)
+static bool_t random_generate(void *data, int32_t bytes, uint8_t *buff)
 {
     struct rgen_data *st=data;
+    int r;
 
-    /* XXX XXX error checking */
-    read(st->fd,buff,bytes);
+    r= read(st->fd,buff,bytes);
+
+    assert(r == bytes);
+    /* This is totally crap error checking, but AFAICT many callers of
+     * this function do not check the return value. This is a minimal
+     * change to make the code not fail silently-but-insecurely.
+     *
+     * A proper fix requires either:
+     *  - Declare all random number generation failures as fatal
+     *    errors, and make this return void, and fix all callers,
+     *    and make this call some appropriate function if it fails.
+     *  - Make this have proper error checking (and reporting!)
+     *    and make all callers check the error (and report!);
+     *    this will be tricky, I think, because you have to report
+     *    the errno somewhere.
+     *
+     * There's also the issue that this is only one possible
+     * implementation of a random number source; others may not rely
+     * on reading from a file descriptor, and may not produce
+     * appropriate settings of errno.
+     */
 
     return True;
 }
@@ -33,7 +70,7 @@ static list_t *random_apply(closure_t *self, struct cloc loc,
     item_t *arg1, *arg2;
     string_t filename=NULL;
 
-    st=safe_malloc(sizeof(*st),"random_apply");
+    NEW(st);
     st->cl.description="randomsource";
     st->cl.type=CL_RANDOMSRC;
@@ -48,7 +85,7 @@ static list_t *random_apply(closure_t *self, struct cloc loc,
     arg2=list_elem(args,1);
 
     if (!arg1) {
-        fatal("randomsource: requires a filename\n");
+        cfgfatal(loc,"randomsource","requires a filename\n");
     }
     if (arg1->type != t_string) {
         cfgfatal(arg1->loc,"randomsource",
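Review bot: `assert(r == bytes)` is the only check on the read, so a build that defines `NDEBUG` compiles it away and a failed or short read once again returns `True` with `buff` partly or wholly unfilled — exactly the silent-but-insecure failure the new comment says it wants to rule out. A short read is also a normal outcome of `read(2)` on a blocking device (for instance after a signal), not a fault, so even with assertions enabled the process aborts on a condition that a retry loop would simply ride out; and with `bytes` now `int32_t`, a negative count makes `read` fail with -1, which the assertion does not distinguish from the request. The rewrite below keeps the signature and the treat-failure-as-fatal policy the comment describes, but retries until `bytes` have been read, rejects a negative count, and aborts through `fatal()` (already used in this file) instead of `assert()`; it needs `<errno.h>` in the include block and uses `ssize_t` for the result rather than `int`. random_generate lies wholly inside this hunk.
```c
static bool_t random_generate(void *data, int32_t bytes, uint8_t *buff)
{
    struct rgen_data *st=data;
    int32_t got=0;

    /* Any failure is fatal: many callers ignore the return value, so
     * returning False would not be acted on.  Short reads are retried
     * so that the caller never sees a partially filled buffer. */
    if (bytes<0) fatal("randomsource: negative byte count requested\n");
    while (got<bytes) {
        ssize_t r=read(st->fd, buff+got, bytes-got);
        if (r<0 && errno==EINTR) continue;
        if (r<=0) fatal("randomsource: read from random device failed\n");
        got+=(int32_t)r;
    }
    /* … unchanged: return True; … */
```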
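Review bot: The replacement message in the `if (!arg1)` branch is byte-identical to the one the next hunk substitutes at `if (!filename)`, and both now report the same `loc`, so the two distinct failures — no first argument at all, versus an argument that yielded no filename — produce an indistinguishable diagnostic. Wording this one as its specific condition, e.g. `cfgfatal(loc,"randomsource","first argument (filename) is missing\n");`, keeps the two apart in the log. The code between the hunks that derives `filename` from the argument is outside this hunk.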
@@ -65,7 +102,7 @@ static list_t *random_apply(closure_t *self, struct cloc loc,
     }
     if (!filename) {
-        fatal("randomsource requires a filename");
+        cfgfatal(loc,"randomsource","requires a filename\n");
     }
     st->fd=open(filename,O_RDONLY);
     if (st->fd<0) {