From: Nick Mathewson Date: Wed, 1 Jun 2011 15:48:39 +0000 (-0400) Subject: Check maximum properly in crypto_rand_int() X-Git-Tag: tor-0.2.2.29-beta~3^2~16^2~1 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=5afab5ca197112b01135980d6cb3694a4519e3cf;p=thirdparty%2Ftor.git Check maximum properly in crypto_rand_int() George Kadianakis notes that if you give crypto_rand_int() a value above INT_MAX, it can return a negative number, which is not what the documentation would imply. The simple solution is to assert that the input is in [1,INT_MAX+1]. If in the future we need a random-value function that can return values up to UINT_MAX, we can add one. Fixes bug 3306; bugfix on 0.2.2pre14. --- diff --git a/changes/bug3306 b/changes/bug3306 new file mode 100644 index 0000000000..b1bb1035cf --- /dev/null +++ b/changes/bug3306 @@ -0,0 +1,5 @@ + o Minor bugfixes: + - Make our crypto_rand_int() function check the value of its input + correctly. Previously, it accepted values up to UINT_MAX, but + could return a negative number if given a value above INT_MAX+1. + Found by George Kadianakis. Fixes bug 3306; bugfix on 0.2.2pre14. diff --git a/src/common/crypto.c b/src/common/crypto.c index d8e6619c9f..851f11bf3b 100644 --- a/src/common/crypto.c +++ b/src/common/crypto.c @@ -2145,13 +2145,14 @@ crypto_rand(char *to, size_t n) } /** Return a pseudorandom integer, chosen uniformly from the values - * between 0 and max-1. */ + * between 0 and max-1 inclusive. max must be between 1 and + * INT_MAX+1, inclusive. */ int crypto_rand_int(unsigned int max) { unsigned int val; unsigned int cutoff; - tor_assert(max < UINT_MAX); + tor_assert(max <= ((unsigned int)INT_MAX)+1); tor_assert(max > 0); /* don't div by 0 */ /* We ignore any values that are >= 'cutoff,' to avoid biasing the