[PATCH 05/10] Switch from using os_random() to using os_get_random(...) in ap_handle_timer(...)
Jouni Malinen
j at w1.fi
Fri Feb 19 08:09:30 PST 2016
On Sun, Feb 14, 2016 at 07:37:58PM +0000, Nick Lowe wrote:
> Switch from using os_random() to using
> os_get_random(...) in ap_handle_timer(...) The intention is to facilitate the
> future removal of os_random(). os_random() uses a low quality PRNG which we
> should avoid using outright unless there is a compelling performance
> justification to do so.
> diff --git a/src/ap/sta_info.c b/src/ap/sta_info.c
> @@ -378,7 +378,10 @@ void ap_handle_timer(void *eloop_ctx, void *timeout_ctx)
> - int fuzz = os_random() % 20;
> + int fuzz = 0;
> + if (os_get_random((u8 *) &fuzz, sizeof(fuzz)) >= 0)
> + fuzz = fuzz % 20;
This does not look safe. At minimum, that should be unsigned, but even
that may not actually be enough to cover an unlikely error case: fread()
in os_get_random() returning 1..3 octets. Maybe just set fuzz = 0 in
error case?
--
Jouni Malinen PGP id EFC895FA
More information about the Hostap
mailing list