Peter Waltenberg wrote:
Think back to what tripped this whole discussion.

valgrind isn't complaining because the data has been pre-filled, it's
complaining because it's never been touched.
i.e. if it were attacker providable "buffer contents" then this whole
discussion wouldn't have happened.

If the "attacker" can pre-seed uninitialized data in the process, then they
can read generated keys directly - and that's far easier than by trying to
second guess the RNG.
Consider this little piece of code:

#include <stdio.h>
#include <stdlib.h>

void f(void)
{
   char buf[80];

   printf("Please enter a line: ");
   fflush(stdout);
   fgets(buf, sizeof buf, stdin);
}

void g(void)
{
   char buf[80];

   /* Use uninitialized buffer content... */
   printf("Buf contains %s\n", buf);
}

int main(void)
{
   f();
   g();
   return 0;
}

On my system, this yields:

[EMAIL PROTECTED]:~/src$ gcc buf.c
[EMAIL PROTECTED]:~/src$ ./a.out
Please enter a line: blark foo
Buf contains blark foo

[EMAIL PROTECTED]:~/src$

:-) The reason this works is that when fgets writes into the stack memory, this memory is reused in the function g() without being reinitialized.

So, it is sometimes possible indeed that an attacker will be able to provide (some of) the content of uninitialized memory, if he gets to interact with the program in some way.

Regards,

--
Nils Gösche
"Don't ask for whom the <CTRL-G> tolls."

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
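
The reuse shown in the message above, next to two fixes, as an added example that is not part of the original mail. The byte array is a constructed model of the call stack so the result does not depend on undefined behaviour; frame_push, frame_pop, secure_wipe, f_model, g_model and leaked_len are hypothetical names.

```c
#include <stdio.h>
#include <string.h>
/* Constructed stand-in for the call stack: makes frame reuse deterministic. */
#define FRAME 80
static unsigned char stack_mem[4 * FRAME];
static size_t sp = sizeof stack_mem;          /* grows downward */
static char *frame_push(void) { sp -= FRAME; return (char *)(stack_mem + sp); }
static void frame_pop(void) { sp += FRAME; }  /* like a return: clears nothing */
/* Zero through a volatile pointer so the stores are not optimised away. */
static void secure_wipe(void *p, size_t n)
{
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* Model of f(): keeps caller-supplied input in a local buffer. */
static void f_model(const char *input, int wipe_before_return)
{
    char *buf = frame_push();
    snprintf(buf, FRAME, "%s", input);
    if (wipe_before_return) secure_wipe(buf, FRAME);
    frame_pop();
}

/* Model of g(): copies out what its local buffer holds on entry. */
static void g_model(char *out, int init_local)
{
    char *buf = frame_push();
    if (init_local) memset(buf, 0, FRAME);
    memcpy(out, buf, FRAME);
    frame_pop();
}

/* Run f then g; return how many bytes of f's input g could observe. */
size_t leaked_len(const char *input, int wipe_in_f, int init_in_g)
{
    char seen[FRAME];
    f_model(input, wipe_in_f);
    g_model(seen, init_in_g);
    seen[FRAME - 1] = '\0';
    return strncmp(seen, input, strlen(input)) == 0 ? strlen(seen) : 0;
}

int main(void)
{
    printf("unhardened=%zu f_wipes=%zu g_inits=%zu\n", leaked_len("blark foo", 0, 0),
           leaked_len("blark foo", 1, 0), leaked_len("blark foo", 0, 1));
    return 0;
}
```

Either fix closes the channel: the function that held the input wipes its buffer before returning, or the later function initialises its buffer before reading it. In OpenSSL code the wipe would be OPENSSL_cleanse() rather than a hand-written loop.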
