Author: cem Date: Fri Dec 13 04:55:17 2019 New Revision: 355695 URL: https://svnweb.freebsd.org/changeset/base/355695
Log: libradius: Rip out dubious use of srandomdev(3)+random(3) These functions appear to intend to produce unpredictable results. Just use arc4random. While here, use an explicit_bzero instead of memset where the intent is clearly to zero out a secret (clear_passphrase). Modified: head/lib/libradius/radlib.c Modified: head/lib/libradius/radlib.c ============================================================================== --- head/lib/libradius/radlib.c Fri Dec 13 04:48:20 2019 (r355694) +++ head/lib/libradius/radlib.c Fri Dec 13 04:55:17 2019 (r355695) @@ -79,7 +79,7 @@ static void clear_password(struct rad_handle *h) { if (h->pass_len != 0) { - memset(h->pass, 0, h->pass_len); + explicit_bzero(h->pass, h->pass_len); h->pass_len = 0; } h->pass_pos = 0; @@ -852,8 +852,8 @@ rad_create_request(struct rad_handle *h, int code) if (code == RAD_ACCESS_REQUEST) { /* Create a random authenticator */ for (i = 0; i < LEN_AUTH; i += 2) { - long r; - r = random(); + uint32_t r; + r = arc4random(); h->out[POS_AUTH+i] = (u_char)r; h->out[POS_AUTH+i+1] = (u_char)(r >> 8); } @@ -1051,10 +1051,9 @@ rad_auth_open(void) h = (struct rad_handle *)malloc(sizeof(struct rad_handle)); if (h != NULL) { - srandomdev(); h->fd = -1; h->num_servers = 0; - h->ident = random(); + h->ident = arc4random(); h->errmsg[0] = '\0'; memset(h->pass, 0, sizeof h->pass); h->pass_len = 0; _______________________________________________ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"