mirror of
https://github.com/freebsd/freebsd-src
synced 2024-09-20 08:44:33 +00:00
5528565a76
If multiple threads enter fortuna_pre_read contemporaneously, such as via
read(2) or getrandom(2), they could race to check how long it has been since
the last update due to a TOCTOU problem with 'now'.
Here is an example problematic execution:
Thread A: Thread B:
now_A = getsbinuptime();
now_B = getsbinuptime(); // now_B > now_A
RANDOM_RESEED_LOCK();
if (now - fs_lasttime > SBT_1S/10) {
fs_lasttime = now;
... // reseed
}
RANDOM_RESEED_UNLOCK();
RANDOM_RESEED_LOCK();
if (now_A - fs_lasttime > SBT_1S/10) // now_A - fs_lasttime underflows
fs_lasttime = now_A;
... // reseed again, despite less than 100ms elapsing
}
RANDOM_RESEED_UNLOCK();
To resolve the race, simply check the current time after we win the lock
race.
If getsbinuptime is perceived to be expensive, another option might be to
just accept the race and validate that fs_lasttime isn't "in the future."
(It should be within the last ~2^31 seconds out of ~2^32 seconds
representable duration.)
Reviewed by: delphij, markm
Approved by: secteam (delphij)
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D16984
|
||
|---|---|---|
| .. | ||
| build.sh | ||
| darn.c | ||
| fortuna.c | ||
| fortuna.h | ||
| hash.c | ||
| hash.h | ||
| ivy.c | ||
| nehemiah.c | ||
| other_algorithm.c | ||
| other_algorithm.h | ||
| random_harvestq.c | ||
| random_harvestq.h | ||
| random_infra.c | ||
| randomdev.c | ||
| randomdev.h | ||
| uint128.h | ||
| unit_test.c | ||
| unit_test.h | ||