Re: [PATCH 05/10] Switch from using os_random() to using os_get_random(...) in ap_handle_timer(...)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sun, Feb 14, 2016 at 07:37:58PM +0000, Nick Lowe wrote:
>  Switch from using os_random() to using
>  os_get_random(...) in ap_handle_timer(...) The intention is to facilitate the
>  future removal of os_random(). os_random() uses a low quality PRNG which we
>  should avoid using outright unless there is a compelling performance
>  justification to do so.

> diff --git a/src/ap/sta_info.c b/src/ap/sta_info.c
> @@ -378,7 +378,10 @@ void ap_handle_timer(void *eloop_ctx, void *timeout_ctx)
> -        int fuzz = os_random() % 20;
> +        int fuzz = 0;
> +        if (os_get_random((u8 *) &fuzz, sizeof(fuzz)) >= 0)
> +            fuzz = fuzz % 20;

This does not look safe. At minimum, that should be unsigned, but even
that may not actually be enough to cover an unlikely error case: fread()
in os_get_random() returning 1..3 octets. Maybe just set fuzz = 0 in
error case?

-- 
Jouni Malinen                                            PGP id EFC895FA

_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap



[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]

  Powered by Linux