- /* XXX XXX error checking */
- read(st->fd,buff,bytes);
+ assert(r == bytes);
+ /* This is totally crap error checking, but AFAICT many callers of
+ * this function do not check the return value. This is a minimal
+ * change to make the code not fail silently-but-insecurely.
+ *
+ * A proper fix requires either:
+ * - Declare all random number generation failures as fatal
+ * errors, and make this return void, and fix all callers,
+ * and make this call some appropriate function if it fails.
+ * - Make this have proper error checking (and reporting!)
+ * and make all callers check the error (and report!);
+ * this will be tricky, I think, because you have to report
+ * the errno somewhere.
+ *
+ * There's also the issue that this is only one possible
+ * implementation of a random number source; others may not rely
+ * on reading from a file descriptor, and may not produce
+ * appropriate settings of errno.
+ */
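Review bot: `assert(r == bytes);` is not error checking in a release build, since `assert()` compiles to nothing under `NDEBUG`, so the `read(st->fd,buff,bytes)` path this hunk replaces would again "fail silently-but-insecurely" exactly where the comment says it must not; replace it with an unconditional check (e.g. `if (r != bytes) abort();` or a call to whatever fatal-error routine the code base provides) so the behaviour does not depend on build flags. Two further points on the same line: it relies on `r` holding the `read()` return value, and this hunk does not show where `r` is assigned, so the removed `- read(st->fd,buff,bytes);` line appears to be replaced by an assignment that should be in the diff context; and `read(2)` may legitimately return fewer than `bytes` bytes, so treating every short read as a hard failure is stricter than necessary, and a loop that retries until `bytes` have been read (and only then fails on 0 or -1, preserving `errno` for the reporting the comment asks for) would be the more robust minimal change.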