From 938489b11d62d1744f9a29e37b37715efa0c4f00 Mon Sep 17 00:00:00 2001
From: Michael Shalayeff
Date: Mon, 25 Nov 2002 10:09:25 +0000
Subject: protect the arc4_getbyte() w/ an splhigh since there by multiple pathways, where it worked until read from userland in big buffers and some luck. does not cause a memory trashing, but rather may mess up the arc4 state such that it will not generate one particular value until a stir. sigh. was reported by multiple people over some time.
---
 sys/dev/rnd.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/sys/dev/rnd.c b/sys/dev/rnd.c
index 9a0edf69e40..391baa805ce 100644
--- a/sys/dev/rnd.c
+++ b/sys/dev/rnd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rnd.c,v 1.61 2002/11/11 19:53:24 mickey Exp $ */
+/* $OpenBSD: rnd.c,v 1.62 2002/11/25 10:09:24 mickey Exp $ */
 /*
 * rnd.c -- A strong random number generator
@@ -496,8 +496,10 @@ void arc4maybeinit(void);
 static __inline u_int8_t
 arc4_getbyte(void)
 {
- register u_int8_t si, sj;
+ register u_int8_t si, sj, ret;
+ int s;
+ s = splhigh();
 rndstats.arc4_reads++;
 arc4random_state.cnt++;
 arc4random_state.i++;
@@ -506,7 +508,9 @@ arc4_getbyte(void)
 sj = arc4random_state.s[arc4random_state.j];
 arc4random_state.s[arc4random_state.i] = sj;
 arc4random_state.s[arc4random_state.j] = si;
- return arc4random_state.s[(si + sj) & 0xff];
+ ret = arc4random_state.s[(si + sj) & 0xff];
+ splx(s);
+ return (ret);
 }
 static __inline void
-- 
cgit v1.2.3
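Review bot: The new `s = splhigh();` in arc4_getbyte() carries no comment saying what it protects, and the raised spl covers only this one accessor of arc4random_state. The commit message explains that an interleaved i/j update and swap can leave the state unable to produce one byte value until the next stir, which biases the generator's output; a short comment above the call, such as `/* block interrupts: an interleaved i/j update and swap corrupts s[] until the next stir */`, would keep that reasoning with the code. The routines that rewrite the same state (presumably the stir/init path behind arc4maybeinit(), named in the hunk header) are outside this diff, so it is worth confirming they run at the same spl level, otherwise a stir could still interleave with a caller here. The matching `splx(s);` is in the following hunk (-506,7 +508,9), and the only visible return comes after it, so the level is restored on every path shown; the lines between the two hunks are not visible.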