Re: [musl] [PATCH v2] getentropy: fail if buffer not completely filled

mailing list of musl libc
 help / color / mirror / code / Atom feed

From: Rich Felker <dalias@libc.org>
To: "Jason A. Donenfeld" <Jason@zx2c4.com>
Cc: musl@lists.openwall.com
Subject: Re: [musl] [PATCH v2] getentropy: fail if buffer not completely filled
Date: Sun, 10 Apr 2022 11:30:36 -0400	[thread overview]
Message-ID: <20220410153036.GN7074@brightrain.aerifal.cx> (raw)
In-Reply-To: <20220409225851.715796-1-Jason@zx2c4.com>

On Sun, Apr 10, 2022 at 12:58:49AM +0200, Jason A. Donenfeld wrote:
> The man page for getentropy says that it either completely succeeds or
> completely fails, and indeed this is what glibc does. However, musl has
> a condition where it breaks out of the loop early, yet still returns a
> success. This patch fixes that by returning a success only if the buffer
> is completely filled.

It does not return success if it breaks out of the loop early. In that
case ret is -1 and it returns -1 (return ret;).

The loop is necessary by my understanding of the function not because
of the possibility of short reads (which shouldn't be able to happen)
but because EINTR can happen while blocking before the urandom pool is
ready. In theory we could probably rip out the non-EINTR part of the
logic (partial reads) but if it's already there and working it seems
like it's not harming anything and serves as hardening against the
kernel doing something stupid.

Is there a remaining problem you're trying to solve?

Rich

     prev parent reply	other threads:[~2022-04-10 15:30 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-04-09  0:10 [musl] [PATCH] " Jason A. Donenfeld
2022-04-09 13:18 ` Rich Felker
2022-04-09 22:50   ` Jason A. Donenfeld
2022-04-09 22:58     ` [musl] [PATCH v2] " Jason A. Donenfeld
2022-04-09 22:58       ` [musl] [PATCH v3] " Jason A. Donenfeld
2022-04-10 15:30       ` Rich Felker [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20220410153036.GN7074@brightrain.aerifal.cx \
    --to=dalias@libc.org \
    --cc=Jason@zx2c4.com \
    --cc=musl@lists.openwall.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

Code repositories for project(s) associated with this public inbox

	https://git.vuxu.org/mirror/musl/

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).