summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorkn <kn@cvs.openbsd.org>2019-06-22 20:15:10 +0000
committerkn <kn@cvs.openbsd.org>2019-06-22 20:15:10 +0000
commit4d364869ea6aa2735471499aa9edf7676fa5b3ac (patch)
treecb34ef291f40c55fc8e201e6193bb4ad531a3199
parent87c96548cc3064ea4354df0cdda9af0c5b7cf255 (diff)
Make computation of re-challenge timeout more obvious
Instead of masking the difference between lower and upper bound to yield a random summand that fits, instruct the API to limit their result accordingly. 0x01fe = 510 = 810 - 300. arc4random_uniform(upper_bound) returns `upper_bound - 1' as maximum, so add one to make 810 a possible value for `i'. OK deraadt
-rw-r--r--sys/net/if_spppsubr.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/sys/net/if_spppsubr.c b/sys/net/if_spppsubr.c
index 82e555aaad0..2a63c88ccf7 100644
--- a/sys/net/if_spppsubr.c
+++ b/sys/net/if_spppsubr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: if_spppsubr.c,v 1.177 2019/06/22 10:16:14 kn Exp $ */
+/* $OpenBSD: if_spppsubr.c,v 1.178 2019/06/22 20:15:09 kn Exp $ */
/*
* Synchronous PPP link level subroutines.
*
@@ -3579,7 +3579,7 @@ sppp_chap_tlu(struct sppp *sp)
* Compute the re-challenge timeout. This will yield
* a number between 300 and 810 seconds.
*/
- i = 300 + (arc4random() & 0x01fe);
+ i = 300 + arc4random_uniform(1 + 810 - 300);
timeout_add_sec(&sp->ch[IDX_CHAP], i);
}