| author | Denys Vlasenko <vda.linux@googlemail.com> | 2022-05-02 15:03:32 +0200 |
|---|---|---|
| committer | Denys Vlasenko <vda.linux@googlemail.com> | 2022-05-02 15:03:32 +0200 |
| commit | 3bfbcb5807ec43b6470bd7bb3e3ca0375ed16544 (patch) | |
| tree | 3db6982129eb4fa9f470c152bbe84163ff913792 | |
| parent | 5ba56e8b95ea84dbd7c0f7adfb9bdb1740480904 (diff) | |
seedrng: restore error check on fsync
Or else security people will never stop nagging us.
function old new delta
seedrng_main 884 906 +22
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
| -rw-r--r-- | miscutils/seedrng.c | 21 |
1 files changed, 12 insertions, 9 deletions
diff --git a/miscutils/seedrng.c b/miscutils/seedrng.c index 8c81835f6..4f2441abc 100644 --- a/miscutils/seedrng.c +++ b/miscutils/seedrng.c | |||
| @@ -134,12 +134,14 @@ static void seed_from_file_if_exists(const char *filename, int dfd, bool credit, | |||
| 134 | /* We are going to use this data to seed the RNG: | 134 | /* We are going to use this data to seed the RNG: |
| 135 | * we believe it to genuinely containing entropy. | 135 | * we believe it to genuinely containing entropy. |
| 136 | * If this just-unlinked file survives | 136 | * If this just-unlinked file survives |
| 137 | * (e.g. if machine crashes _right now_) | 137 | * (if machine crashes before deletion is recorded on disk) |
| 138 | * and we reuse it after reboot, this assumption | 138 | * and we reuse it after reboot, this assumption |
| 139 | * would be violated. Fsync the directory to | 139 | * would be violated, and RNG may end up generating |
| 140 | * make sure file is gone: | 140 | * the same data. fsync the directory |
| 141 | * to make sure file is gone: | ||
| 141 | */ | 142 | */ |
| 142 | fsync(dfd); | 143 | if (fsync(dfd) != 0) |
| 144 | bb_simple_perror_msg_and_die("I/O error"); | ||
| 143 | 145 | ||
| 144 | //Length is not random, and taking its address spills variable to stack | 146 | //Length is not random, and taking its address spills variable to stack |
| 145 | // sha256_hash(hash, &seed_len, sizeof(seed_len)); | 147 | // sha256_hash(hash, &seed_len, sizeof(seed_len)); |
| @@ -210,10 +212,11 @@ int seedrng_main(int argc UNUSED_PARAM, char **argv) | |||
| 210 | sha256_hash(&hash, ×tamp, sizeof(timestamp)); | 212 | sha256_hash(&hash, ×tamp, sizeof(timestamp)); |
| 211 | 213 | ||
| 212 | for (i = 0; i <= 1; i++) { | 214 | for (i = 0; i <= 1; i++) { |
| 213 | seed_from_file_if_exists(i == 0 ? NON_CREDITABLE_SEED_NAME : CREDITABLE_SEED_NAME, | 215 | seed_from_file_if_exists( |
| 214 | dfd, | 216 | i == 0 ? NON_CREDITABLE_SEED_NAME : CREDITABLE_SEED_NAME, |
| 215 | /* credit? */ (opts ^ OPT_n) & i, /* 0, then 1 unless -n */ | 217 | dfd, |
| 216 | &hash); | 218 | /*credit?*/ (opts ^ OPT_n) & i, /* 0, then 1 unless -n */ |
| 219 | &hash); | ||
| 217 | } | 220 | } |
| 218 | 221 | ||
| 219 | new_seed_len = determine_optimal_seed_len(); | 222 | new_seed_len = determine_optimal_seed_len(); |
| @@ -224,7 +227,7 @@ int seedrng_main(int argc UNUSED_PARAM, char **argv) | |||
| 224 | sha256_end(&hash, new_seed + new_seed_len - SHA256_OUTSIZE); | 227 | sha256_end(&hash, new_seed + new_seed_len - SHA256_OUTSIZE); |
| 225 | 228 | ||
| 226 | printf("Saving %u bits of %screditable seed for next boot\n", | 229 | printf("Saving %u bits of %screditable seed for next boot\n", |
| 227 | (unsigned)new_seed_len * 8, new_seed_creditable ? "" : "non-"); | 230 | (unsigned)new_seed_len * 8, new_seed_creditable ? "" : "non-"); |
| 228 | fd = xopen3(NON_CREDITABLE_SEED_NAME, O_WRONLY | O_CREAT | O_TRUNC, 0400); | 231 | fd = xopen3(NON_CREDITABLE_SEED_NAME, O_WRONLY | O_CREAT | O_TRUNC, 0400); |
| 229 | xwrite(fd, new_seed, new_seed_len); | 232 | xwrite(fd, new_seed, new_seed_len); |
| 230 | if (new_seed_creditable) { | 233 | if (new_seed_creditable) { |
