author | deraadt <> | 2019-03-24 17:56:54 +0000 |
---|---|---|
committer | deraadt <> | 2019-03-24 17:56:54 +0000 |
commit | ed1f555802549862bf6249547c85f53ce8b3cd41 (patch) | |
tree | 4b25e3b4c0613430605a43c4c49470458b7a5a05 | |
parent | 5c0bfb1931500c779b9393cda45c6aee83714019 (diff) | |
In the incredibly unbelievable circumstance where _rs_init() fails to
allocate pages, don't call abort() because of corefile data leakage
concerns, but simply _exit(). The reasoning is _rs_init() will only
fail if someone finds a way to apply specific pressure against this
failure point, for the purpose of leaking information into a core which
they can read. We don't need a corefile in this instance to debug that.
So take this "lever" away from whoever in the future wants to do that.
-rw-r--r-- | src/lib/libc/crypt/arc4random.c | 4 |
1 files changed, 2 insertions, 2 deletions
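--- a/src/lib/libc/crypt/arc4random.c
+++ b/src/lib/libc/crypt/arc4random.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: arc4random.c,v 1.54 2015/09/13 08:31:47 guenther Exp $ */
+/* $OpenBSD: arc4random.c,v 1.55 2019/03/24 17:56:54 deraadt Exp $ */
 
 /*
 * Copyright (c) 1996, David Mazieres <dm@uun.org>
@@ -75,7 +75,7 @@ _rs_init(u_char *buf, size_t n)
 
 if (rs == NULL) {
 if (_rs_allocate(&rs, &rsx) == -1)
-abort();
+_exit(1);
 }
 
 chacha_keysetup(&rsx->rs_chacha, buf, KEYSZ * 8, 0);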
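Review bot: The `_exit(1);` on the `_rs_allocate()` failure path carries no comment, so the reason for avoiding abort() lives only in the commit message and a later cleanup could restore abort() and the corefile with it. I would add above the call `/* _exit, not abort: a core written here could expose process memory to whoever forced the failure */`. The exit is also silent and uses a generic status, so an operator cannot tell this path from any other exit with status 1; the same comment should say whether that is intended. _rs_init's body starts and ends outside the hunk and the include list is not visible, so confirm `<unistd.h>` is in scope for `_exit`.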