Taylor Blau <me@xxxxxxxxxxxx> writes:
> I think that's an acceptable price to pay here, since we can drop the
> code to remember whether or not srand() has been called or not. Here's a
> patch that we could take in that direction:
> ...
> - If a different function also calls `srand()`, the PRNG may start
> generating repeated values (if that caller also initialized the PRNG
> with `getpid()`).
Hmph, I didn't think about that one. I do not think it can be a
viable attack vector to attack _this_ code, but the other function
might be. But if the other function is worth attacking and
attackable, it ought to be using crypto-secure one and not srand(),
so this argument may not give us a good justification X-<.
Provided if code simplification is a good enough rationale, the
patch looks sensible, but I find its use of u64 a bit questionable
(though not wrong). I would have expected that the type of "rand"
would be the same as backoff_ms and wait_ms, two variables involved
in the same expression.
Thanks.
> diff --git a/lockfile.c b/lockfile.c
> index 1d5ed01682..6587d407f4 100644
> --- a/lockfile.c
> +++ b/lockfile.c
> @@ -107,22 +107,17 @@ static int lock_file_timeout(struct lock_file *lk, const char *path,
> int n = 1;
> int multiplier = 1;
> long remaining_ms = 0;
> - static int random_initialized = 0;
>
> if (timeout_ms == 0)
> return lock_file(lk, path, flags, mode);
>
> - if (!random_initialized) {
> - srand((unsigned int)getpid());
> - random_initialized = 1;
> - }
> -
> if (timeout_ms > 0)
> remaining_ms = timeout_ms;
>
> while (1) {
> long backoff_ms, wait_ms;
> int fd;
> + uint64_t rand;
>
> fd = lock_file(lk, path, flags, mode);
>
> @@ -135,7 +130,10 @@ static int lock_file_timeout(struct lock_file *lk, const char *path,
>
> backoff_ms = multiplier * INITIAL_BACKOFF_MS;
> /* back off for between 0.75*backoff_ms and 1.25*backoff_ms */
> - wait_ms = (750 + rand() % 500) * backoff_ms / 1000;
> + if (csprng_bytes(&rand, sizeof(uint64_t)) < 0)
> + return error_errno(_("unable to get random bytes for"
> + "lockfile backoff"));
> + wait_ms = (750 + rand % 500) * backoff_ms / 1000;
> sleep_millisec(wait_ms);
> remaining_ms -= wait_ms;
>
> --
> 2.42.0.rc0.26.g802d811bac.dirty
>
> --- >8 ---
>
> Thanks,
> Taylor
