diff options
| author | Michael Shalayeff <mickey@cvs.openbsd.org> | 2002-11-25 10:09:25 +0000 |
|---|---|---|
| committer | Michael Shalayeff <mickey@cvs.openbsd.org> | 2002-11-25 10:09:25 +0000 |
| commit | 938489b11d62d1744f9a29e37b37715efa0c4f00 (patch) | |
| tree | c76748710ee195794d876046086d4932d2248e33 | |
| parent | 099c028df89479c24d6c47c560a1f4603ba766cc (diff) | |
protect the arc4_getbyte() w/ an splhigh since
there by multiple pathways, where it worked
until read from userland in big buffers and some luck.
does not cause a memory trashing, but rather may
mess up the arc4 state such that it will not generate
one particular value until a stir. sigh.
was reported by multiple people over some time.
| -rw-r--r-- | sys/dev/rnd.c | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/sys/dev/rnd.c b/sys/dev/rnd.c index 9a0edf69e40..391baa805ce 100644 --- a/sys/dev/rnd.c +++ b/sys/dev/rnd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rnd.c,v 1.61 2002/11/11 19:53:24 mickey Exp $ */ +/* $OpenBSD: rnd.c,v 1.62 2002/11/25 10:09:24 mickey Exp $ */ /* * rnd.c -- A strong random number generator @@ -496,8 +496,10 @@ void arc4maybeinit(void); static __inline u_int8_t arc4_getbyte(void) { - register u_int8_t si, sj; + register u_int8_t si, sj, ret; + int s; + s = splhigh(); rndstats.arc4_reads++; arc4random_state.cnt++; arc4random_state.i++; @@ -506,7 +508,9 @@ arc4_getbyte(void) sj = arc4random_state.s[arc4random_state.j]; arc4random_state.s[arc4random_state.i] = sj; arc4random_state.s[arc4random_state.j] = si; - return arc4random_state.s[(si + sj) & 0xff]; + ret = arc4random_state.s[(si + sj) & 0xff]; + splx(s); + return (ret); } static __inline void |