X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=secnet.git;a=blobdiff_plain;f=random.c;h=39a9cb07c78f57183358059b21069743dd6b35e1;hp=1fd19ec67a49a711c6a39296123e5898c4b113a7;hb=46d06c3918b0080af7e87db986612e23bde4a341;hpb=2fe58dfd10216a37f1ece081f926971882de112e

diff --git a/random.c b/random.c
index 1fd19ec..39a9cb0 100644
--- a/random.c
+++ b/random.c
@@ -1,14 +1,10 @@
-/* $Log$
- */
-
+#include "secnet.h"
 #include <stdio.h>
 #include <fcntl.h>
 #include <string.h>
-#include <sys/types.h>
 #include <sys/stat.h>
 #include <unistd.h>
-
-#include "secnet.h"
+#include <assert.h>
 
 struct rgen_data {
     closure_t cl;
@@ -18,12 +14,32 @@ struct rgen_data {
 };
 
 static random_fn random_generate;
-static bool_t random_generate(void *data, uint32_t bytes, uint8_t *buff)
+static bool_t random_generate(void *data, int32_t bytes, uint8_t *buff)
 {
     struct rgen_data *st=data;
+    int r;
+
+    r= read(st->fd,buff,bytes);
 
-    /* XXX XXX error checking */
-    read(st->fd,buff,bytes);
+    assert(r == bytes);
+    /* This is totally crap error checking, but AFAICT many callers of
+     * this function do not check the return value.  This is a minimal
+     * change to make the code not fail silently-but-insecurely.
+     *
+     * A proper fix requires either:
+     *  - Declare all random number generation failures as fatal
+     *    errors, and make this return void, and fix all callers,
+     *    and make this call some appropriate function if it fails.
+     *  - Make this have proper error checking (and reporting!)
+     *    and make all callers check the error (and report!);
+     *    this will be tricky, I think, because you have to report
+     *    the errno somewhere.
+     *
+     * There's also the issue that this is only one possible
+     * implementation of a random number source; others may not rely
+     * on reading from a file descriptor, and may not produce
+     * appropriate settings of errno.
+     */
 
     return True;
 }
@@ -50,7 +66,7 @@ static list_t *random_apply(closure_t *self, struct cloc loc,
     arg2=list_elem(args,1);
 
     if (!arg1) {
-	fatal("randomsource: requires a filename\n");
+	cfgfatal(loc,"randomsource","requires a filename\n");
     }
     if (arg1->type != t_string) {
 	cfgfatal(arg1->loc,"randomsource",
@@ -67,7 +83,7 @@ static list_t *random_apply(closure_t *self, struct cloc loc,
     }
 
     if (!filename) {
-	fatal("randomsource requires a filename");
+	cfgfatal(loc,"randomsource","requires a filename\n");
     }
     st->fd=open(filename,O_RDONLY);
     if (st->fd<0) {