On Sun, Feb 14, 2016 at 07:38:37PM +0000, Nick Lowe wrote: > Switch from using os_random() to using > os_get_random(...) in ieee802_1x_kay_create_mka(...) The intention is to > facilitate the future removal of os_random(). os_random() uses a low quality > PRNG which we should avoid using outright unless there is a compelling > performance justification to do so. > diff --git a/src/pae/ieee802_1x_kay.c b/src/pae/ieee802_1x_kay.c > index ef74430..8053b61 100644 > --- a/src/pae/ieee802_1x_kay.c > +++ b/src/pae/ieee802_1x_kay.c > @@ -3384,7 +3384,9 @@ ieee802_1x_kay_create_mka(struct ieee802_1x_kay > *kay, struct mka_key_name *ckn, > wpa_hexdump(MSG_DEBUG, "KaY: Participant created:", > ckn->name, ckn->len); > > - usecs = os_random() % (MKA_HELLO_TIME * 1000); > + if (os_get_random((u8 *) &usecs, sizeof(usecs)) < 0) > + goto fail; This error handling is not correct. dl_list_add() was used previously to add the entry to a list and os_free(participant) in the fail label would leave freed memory into the list resulting in process crash in the best case.. -- Jouni Malinen PGP id EFC895FA _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap