Patrick Steinhardt <ps@xxxxxx> writes:
> The report was for NonStop, which uses OpenSSL as the backend for
> randomness. In the preceding commit we have adapted that backend to also
> return randomness in case the entropy pool is empty and the caller
> passes the `CSPRNG_BYTES_INSECURE` flag. Do so to fix the issue.
No kidding.
This is calling rand(3). The use of the resulting value is to fuzz
the delay before retrying, which wants NO CRYPTOGRAPHIC randomness.
This callsite does not require it, but rand(3) is perfect for ensuring
predictability/repeatability as well (via srand(3)).
And it is not allowed to fail.
Yet a platform replaces it with a function that returns an error or
aborts? What kind of nonsense is that? Do we really need to cater
to such an insanity?
Use of git_rand() here goes backwards against the more recent trend
in reftable/ directory to wean the code off of the rest of Git by
getting rid of unnecessary dependency, doesn't it?
I think [PATCH 1/2] makes sense regardless, though. But shouldn't
we be pushing back this step, with "fix your rand(3)"?
Thanks.
> Reported-by: Randall S. Becker <rsbecker@xxxxxxxxxxxxx>
> Signed-off-by: Patrick Steinhardt <ps@xxxxxx>
> ---
> reftable/stack.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/reftable/stack.c b/reftable/stack.c
> index 6d0aa774e7e29d5366ed55df19725944f8eef792..572a74e00f9ed6040534e060652e72c26641749d 100644
> --- a/reftable/stack.c
> +++ b/reftable/stack.c
> @@ -493,7 +493,7 @@ static int reftable_stack_reload_maybe_reuse(struct reftable_stack *st,
> close(fd);
> fd = -1;
>
> - delay = delay + (delay * rand()) / RAND_MAX + 1;
> + delay = delay + (delay * git_rand(CSPRNG_BYTES_INSECURE)) / UINT32_MAX + 1;
> sleep_millisec(delay);
> }
>
> @@ -659,7 +659,7 @@ int reftable_stack_add(struct reftable_stack *st,
> static int format_name(struct reftable_buf *dest, uint64_t min, uint64_t max)
> {
> char buf[100];
> - uint32_t rnd = (uint32_t)git_rand(0);
> + uint32_t rnd = git_rand(CSPRNG_BYTES_INSECURE);
> snprintf(buf, sizeof(buf), "0x%012" PRIx64 "-0x%012" PRIx64 "-%08x",
> min, max, rnd);
> reftable_buf_reset(dest);
