[gnutls-devel] GnuTLS | Dummy getrandom() definition can cause have_getrandom() = 1, causing TLS failure (#892)
Development of GNU's TLS library
gnutls-devel at lists.gnutls.org
Tue Dec 31 03:06:00 CET 2019
Edward Stangler created an issue: https://gitlab.com/gnutls/gnutls/issues/892
## Description of problem:
When compiling on Linux that doesn't have getrandom() at all:
```
/* if defined(__linux__) && !defined(HAVE_GETRANDOM) && !defined(SYS_getrandom) */
# define getrandom(dst,s,flags) -1
```
Then if this executes (on a Linux with kernel < 3.17, for example) during GNU TLS init:
```
static unsigned have_getrandom(void)
{
	char c;
	int ret;
	ret = getrandom(&c, 1, 1/*GRND_NONBLOCK*/);
	if (ret == 1 || (ret == -1 && errno == EAGAIN))
		return 1;
	return 0;
}
```
Then have_getrandom() = 1 when GNU TLS init is executed right after an API call that sets errno = EAGAIN. This causes TLS failure.
This actually happened. At a very bad time.
Our patch was to change this line:
```
# define getrandom(dst,s,flags) -1
```
to this:
```
static ssize_t _getrandom0(void *buf, size_t buflen, unsigned int flags)
{
	errno = ENOSYS;
	return -1;
}
# define getrandom(dst,s,flags) _getrandom0(dst,s,flags)
```
## Version of gnutls used:
3.6.10
## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)
None
## How reproducible:
Always
Steps to Reproduce:
* one
* two
* three
## Actual results:
## Expected results:
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/892
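
The stale-errno behaviour described in the report, as an added example (not GnuTLS code and not part of the original message). It runs the same probe condition over a stub that only evaluates to -1 and over a stub that sets errno, after errno has been left at EAGAIN. The names `stub_macro`, `stub_enosys`, `probe_with_macro`, `probe_with_enosys` and `run_after_stale_eagain` are hypothetical, and the stale EAGAIN is simulated by assigning errno directly.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>

/* Stub shaped like the one in the report: evaluates to -1, never sets errno. */
#define stub_macro(dst, s, flags) (-1)

/* Stub shaped like the reporter's patch: fails with a definite errno. */
static ssize_t stub_enosys(void *buf, size_t buflen, unsigned int flags)
{
    (void)buf; (void)buflen; (void)flags;
    errno = ENOSYS;
    return -1;
}

/* Probe condition from the report, over the macro stub (hypothetical name). */
static unsigned probe_with_macro(void)
{
    char c = 0;
    int ret = stub_macro(&c, 1, 1 /* GRND_NONBLOCK */);
    (void)c; /* the macro discards its arguments */
    return ret == 1 || (ret == -1 && errno == EAGAIN);
}

/* Same probe condition over the errno-setting stub (hypothetical name). */
static unsigned probe_with_enosys(void)
{
    char c = 0;
    int ret = (int)stub_enosys(&c, 1, 1 /* GRND_NONBLOCK */);
    return ret == 1 || (ret == -1 && errno == EAGAIN);
}

/* Simulates an unrelated earlier call that left errno == EAGAIN. */
static unsigned run_after_stale_eagain(unsigned (*probe)(void))
{
    errno = EAGAIN; /* constructed stale value */
    return probe();
}

int main(void)
{
    printf("macro stub, stale EAGAIN:  have_getrandom = %u\n",
           run_after_stale_eagain(probe_with_macro));
    printf("ENOSYS stub, stale EAGAIN: have_getrandom = %u\n",
           run_after_stale_eagain(probe_with_enosys));
    return 0;
}
```

With the macro stub the probe result depends entirely on whatever errno held before the call; with the errno-setting stub it is 0 regardless.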