Skip to content
Snippets Groups Projects
Commit cf632ed4 authored by Deucе's avatar Deucе :ok_hand_tone4:
Browse files

Add a patch to avoid using uninitialized data as random source

sysctl() doesn't guarantee to copy data when the destination buffer
isn't large enough.

Makes Valgrind a lot easier to use on BSD systems by remove at tonne
of violations.
parent 4bad3a54
No related branches found
No related tags found
No related merge requests found
Pipeline #7900 passed
......@@ -106,6 +106,7 @@ set(PATCHES
cl-intptr-t.patch
cl-wrong-string-length.patch
cl-remove-silly-pragmas.patch
cl-size-doesnt-mean-copied.patch
)
set(SOURCE
......
......@@ -79,6 +79,7 @@ set(PATCHES
${CMAKE_CURRENT_SOURCE_DIR}/cl-intptr-t.patch
${CMAKE_CURRENT_SOURCE_DIR}/cl-wrong-string-length.patch
${CMAKE_CURRENT_SOURCE_DIR}/cl-remove-silly-pragmas.patch
${CMAKE_CURRENT_SOURCE_DIR}/cl-size-doesnt-mean-copied.patch
)
FetchContent_Declare(CryptLib
......
......@@ -114,7 +114,7 @@ $(CRYPT_SRC): | $(3RDPSRCDIR)
$(CRYPT_IDIR): | $(3RDPODIR)
$(QUIET)$(IFNOTEXIST) mkdir $(CRYPT_IDIR)
$(CRYPTLIB_BUILD): $(3RDP_ROOT)/dist/cryptlib.zip $(3RDP_ROOT)/build/cl-terminal-params.patch $(3RDP_ROOT)/build/cl-mingw32-static.patch $(3RDP_ROOT)/build/cl-ranlib.patch $(3RDP_ROOT)/build/cl-win32-noasm.patch $(3RDP_ROOT)/build/cl-zz-country.patch $(3RDP_ROOT)/build/cl-algorithms.patch $(3RDP_ROOT)/build/cl-allow-duplicate-ext.patch $(3RDP_ROOT)/build/cl-macosx-minver.patch $(3RDP_ROOT)/build/cl-posix-me-gently.patch $(3RDP_ROOT)/build/cl-PAM-noprompts.patch $(3RDP_ROOT)/build/cl-zlib.patch $(3RDP_ROOT)/build/cl-Dynamic-linked-static-lib.patch $(3RDP_ROOT)/build/cl-SSL-fix.patch $(3RDP_ROOT)/build/cl-bigger-maxattribute.patch $(3RDP_ROOT)/build/cl-endian.patch $(3RDP_ROOT)/build/cl-vcxproj.patch $(3RDP_ROOT)/build/cl-mingw-vcver.patch $(3RDP_ROOT)/build/cl-no-odbc.patch $(3RDP_ROOT)/build/cl-noasm-defines.patch $(3RDP_ROOT)/build/cl-bn-noasm64-fix.patch $(3RDP_ROOT)/build/cl-prefer-ECC.patch $(3RDP_ROOT)/build/cl-prefer-ECC-harder.patch $(3RDP_ROOT)/build/cl-clear-GCM-flag.patch $(3RDP_ROOT)/build/cl-use-ssh-ctr.patch $(3RDP_ROOT)/build/cl-no-tpm.patch $(3RDP_ROOT)/build/cl-no-via-aes.patch $(3RDP_ROOT)/build/cl-just-use-cc.patch $(3RDP_ROOT)/build/cl-no-safe-stack.patch $(3RDP_ROOT)/build/cl-allow-pkcs12.patch $(3RDP_ROOT)/build/cl-allow-none-auth.patch $(3RDP_ROOT)/build/cl-mingw-add-m32.patch $(3RDP_ROOT)/build/cl-poll-not-select.patch $(3RDP_ROOT)/build/cl-good-sockets.patch $(3RDP_ROOT)/build/cl-moar-objects.patch $(3RDP_ROOT)/build/cl-server-term-support.patch $(3RDP_ROOT)/build/cl-add-pubkey-attribute.patch $(3RDP_ROOT)/build/cl-allow-ssh-auth-retries.patch $(3RDP_ROOT)/build/cl-fix-ssh-channel-close.patch $(3RDP_ROOT)/build/cl-vt-lt-2005-always-defined.patch $(3RDP_ROOT)/build/cl-no-pie.patch $(3RDP_ROOT)/build/cl-no-testobjs.patch $(3RDP_ROOT)/build/cl-win32-lean-and-mean.patch $(3RDP_ROOT)/build/cl-thats-not-asm.patch $(3RDP_ROOT)/build/cl-make-channels-work.patch $(3RDP_ROOT)/build/cl-allow-ssh-2.0-go.patch $(3RDP_ROOT)/build/cl-read-timeout-every-time.patch $(3RDP_ROOT)/build/cl-allow-servercheck-pubkeys.patch $(3RDP_ROOT)/build/cl-pass-after-pubkey.patch $(3RDP_ROOT)/build/cl-ssh-list-ctr-modes.patch $(3RDP_ROOT)/build/cl-double-delete-fine-on-close.patch $(3RDP_ROOT)/build/cl-handle-unsupported-pubkey.patch $(3RDP_ROOT)/build/cl-add-patches-info.patch $(3RDP_ROOT)/build/cl-netbsd-hmac-symbol.patch $(3RDP_ROOT)/build/cl-netbsd-no-getfsstat.patch GNUmakefile $(3RDP_ROOT)/build/cl-remove-march.patch $(3RDP_ROOT)/build/cl-fix-shell-exec-types.patch $(3RDP_ROOT)/build/cl-ssh-eof-half-close.patch $(3RDP_ROOT)/build/cl-add-win64.patch $(3RDP_ROOT)/build/cl-fix-mb-w-conv-warnings.patch $(3RDP_ROOT)/build/cl-ssh-service-type-for-channel.patch $(3RDP_ROOT)/build/cl-ssh-sbbs-id-string.patch $(3RDP_ROOT)/build/cl-channel-select-both.patch $(3RDP_ROOT)/build/cl-allow-none-auth-svr.patch $(3RDP_ROOT)/build/cl-quote-cc.patch $(3RDP_ROOT)/build/cl-mingw64-thread-handles.patch $(3RDP_ROOT)/build/cl-mingw64-is-really-new.patch $(3RDP_ROOT)/build/cl-lowercase-versionhelpers.patch $(3RDP_ROOT)/build/cl-fix-cpuid-order.patch $(3RDP_ROOT)/build/cl-fix-cbli-incompatible.patch $(3RDP_ROOT)/build/cl-mingw64-unicode-gibble.patch $(3RDP_ROOT)/build/cl-haiku-build.patch $(3RDP_ROOT)/build/cl-dont-validate-va-list.patch $(3RDP_ROOT)/build/cl-musl-socklen_t.patch $(3RDP_ROOT)/build/cl-no-musl-backtrace.patch $(3RDP_ROOT)/build/cl-fix-constptrptr.patch $(3RDP_ROOT)/build/cl-fix-void-ptrs.patch $(3RDP_ROOT)/build/cl-intptr-t.patch $(3RDP_ROOT)/build/cl-wrong-string-length.patch $(3RDP_ROOT)/build/cl-remove-silly-pragmas.patch | $(CRYPT_SRC) $(CRYPT_IDIR)
$(CRYPTLIB_BUILD): $(3RDP_ROOT)/dist/cryptlib.zip $(3RDP_ROOT)/build/cl-terminal-params.patch $(3RDP_ROOT)/build/cl-mingw32-static.patch $(3RDP_ROOT)/build/cl-ranlib.patch $(3RDP_ROOT)/build/cl-win32-noasm.patch $(3RDP_ROOT)/build/cl-zz-country.patch $(3RDP_ROOT)/build/cl-algorithms.patch $(3RDP_ROOT)/build/cl-allow-duplicate-ext.patch $(3RDP_ROOT)/build/cl-macosx-minver.patch $(3RDP_ROOT)/build/cl-posix-me-gently.patch $(3RDP_ROOT)/build/cl-PAM-noprompts.patch $(3RDP_ROOT)/build/cl-zlib.patch $(3RDP_ROOT)/build/cl-Dynamic-linked-static-lib.patch $(3RDP_ROOT)/build/cl-SSL-fix.patch $(3RDP_ROOT)/build/cl-bigger-maxattribute.patch $(3RDP_ROOT)/build/cl-endian.patch $(3RDP_ROOT)/build/cl-vcxproj.patch $(3RDP_ROOT)/build/cl-mingw-vcver.patch $(3RDP_ROOT)/build/cl-no-odbc.patch $(3RDP_ROOT)/build/cl-noasm-defines.patch $(3RDP_ROOT)/build/cl-bn-noasm64-fix.patch $(3RDP_ROOT)/build/cl-prefer-ECC.patch $(3RDP_ROOT)/build/cl-prefer-ECC-harder.patch $(3RDP_ROOT)/build/cl-clear-GCM-flag.patch $(3RDP_ROOT)/build/cl-use-ssh-ctr.patch $(3RDP_ROOT)/build/cl-no-tpm.patch $(3RDP_ROOT)/build/cl-no-via-aes.patch $(3RDP_ROOT)/build/cl-just-use-cc.patch $(3RDP_ROOT)/build/cl-no-safe-stack.patch $(3RDP_ROOT)/build/cl-allow-pkcs12.patch $(3RDP_ROOT)/build/cl-allow-none-auth.patch $(3RDP_ROOT)/build/cl-mingw-add-m32.patch $(3RDP_ROOT)/build/cl-poll-not-select.patch $(3RDP_ROOT)/build/cl-good-sockets.patch $(3RDP_ROOT)/build/cl-moar-objects.patch $(3RDP_ROOT)/build/cl-server-term-support.patch $(3RDP_ROOT)/build/cl-add-pubkey-attribute.patch $(3RDP_ROOT)/build/cl-allow-ssh-auth-retries.patch $(3RDP_ROOT)/build/cl-fix-ssh-channel-close.patch $(3RDP_ROOT)/build/cl-vt-lt-2005-always-defined.patch $(3RDP_ROOT)/build/cl-no-pie.patch $(3RDP_ROOT)/build/cl-no-testobjs.patch $(3RDP_ROOT)/build/cl-win32-lean-and-mean.patch $(3RDP_ROOT)/build/cl-thats-not-asm.patch $(3RDP_ROOT)/build/cl-make-channels-work.patch $(3RDP_ROOT)/build/cl-allow-ssh-2.0-go.patch $(3RDP_ROOT)/build/cl-read-timeout-every-time.patch $(3RDP_ROOT)/build/cl-allow-servercheck-pubkeys.patch $(3RDP_ROOT)/build/cl-pass-after-pubkey.patch $(3RDP_ROOT)/build/cl-ssh-list-ctr-modes.patch $(3RDP_ROOT)/build/cl-double-delete-fine-on-close.patch $(3RDP_ROOT)/build/cl-handle-unsupported-pubkey.patch $(3RDP_ROOT)/build/cl-add-patches-info.patch $(3RDP_ROOT)/build/cl-netbsd-hmac-symbol.patch $(3RDP_ROOT)/build/cl-netbsd-no-getfsstat.patch GNUmakefile $(3RDP_ROOT)/build/cl-remove-march.patch $(3RDP_ROOT)/build/cl-fix-shell-exec-types.patch $(3RDP_ROOT)/build/cl-ssh-eof-half-close.patch $(3RDP_ROOT)/build/cl-add-win64.patch $(3RDP_ROOT)/build/cl-fix-mb-w-conv-warnings.patch $(3RDP_ROOT)/build/cl-ssh-service-type-for-channel.patch $(3RDP_ROOT)/build/cl-ssh-sbbs-id-string.patch $(3RDP_ROOT)/build/cl-channel-select-both.patch $(3RDP_ROOT)/build/cl-allow-none-auth-svr.patch $(3RDP_ROOT)/build/cl-quote-cc.patch $(3RDP_ROOT)/build/cl-mingw64-thread-handles.patch $(3RDP_ROOT)/build/cl-mingw64-is-really-new.patch $(3RDP_ROOT)/build/cl-lowercase-versionhelpers.patch $(3RDP_ROOT)/build/cl-fix-cpuid-order.patch $(3RDP_ROOT)/build/cl-fix-cbli-incompatible.patch $(3RDP_ROOT)/build/cl-mingw64-unicode-gibble.patch $(3RDP_ROOT)/build/cl-haiku-build.patch $(3RDP_ROOT)/build/cl-dont-validate-va-list.patch $(3RDP_ROOT)/build/cl-musl-socklen_t.patch $(3RDP_ROOT)/build/cl-no-musl-backtrace.patch $(3RDP_ROOT)/build/cl-fix-constptrptr.patch $(3RDP_ROOT)/build/cl-fix-void-ptrs.patch $(3RDP_ROOT)/build/cl-intptr-t.patch $(3RDP_ROOT)/build/cl-wrong-string-length.patch $(3RDP_ROOT)/build/cl-remove-silly-pragmas.patch $(3RDP_ROOT)/build/cl-size-doesnt-mean-copied.patch | $(CRYPT_SRC) $(CRYPT_IDIR)
@echo Creating $@ ...
$(QUIET)-rm -rf $(CRYPT_SRC)/*
$(QUIET)unzip -oa $(3RDPDISTDIR)/cryptlib.zip -d $(CRYPT_SRC)
......@@ -198,6 +198,7 @@ $(CRYPTLIB_BUILD): $(3RDP_ROOT)/dist/cryptlib.zip $(3RDP_ROOT)/build/cl-terminal
$(QUIET)patch -b -p0 -d $(CRYPT_SRC) < cl-intptr-t.patch
$(QUIET)patch -b -p0 -d $(CRYPT_SRC) < cl-wrong-string-length.patch
$(QUIET)patch -b -p0 -d $(CRYPT_SRC) < cl-remove-silly-pragmas.patch
$(QUIET)patch -b -p0 -d $(CRYPT_SRC) < cl-size-doesnt-mean-copied.patch
$(QUIET)perl -pi.bak -e 's/^(#define CRYPTLIB_VERSION.*)$$/"$$1\n#define CRYPTLIB_PATCHES \"" . (chomp($$val = `cat cl-*.patch | if (which md5sum > \/dev\/null 2>&1); then md5sum; else md5; fi`), $$val) . "\""/e' $(CRYPT_SRC)/cryptlib.h
$(QUIET)sed -E -iorig 's/%%MIN_MAC_OSX_VERSION%%/${MIN_MAC_OSX_VERSION}/g' $(CRYPT_SRC)/tools/ccopts.sh
ifdef FIXED_FIXED_SEED
......
diff --git random/unix.c random/unix.c
index 0cf67d2..160279b 100644
--- random/unix.c
+++ random/unix.c
@@ -625,8 +625,6 @@ static int getSysctlData( void )
DEBUG_DIAG(( "Overflow in sysctl %d:%d, using %d bytes",
sysctlInfo[ i ].mib[ 0 ], sysctlInfo[ i ].mib[ 1 ],
size ));
- if( size >= SYSCTL_BUFFER_SIZE / 2 )
- status = 0;
}
if( status )
continue;
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment