From 89c1733e626f417f7c522579fc7a22ac3e4c430a Mon Sep 17 00:00:00 2001
From: Philip Guenthe <guenther@cvs.openbsd.org>
Date: Fri, 5 Jun 2009 04:43:24 +0000
Subject: Sanity check: we overrun the rnd_ed[] array if nbits is 32, but that
 should be impossible given the multi-order delta logic

ok deraadt@
---
 sys/dev/rnd.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'sys')

diff --git a/sys/dev/rnd.c b/sys/dev/rnd.c
index 2602a5cbe30..0443af856ed 100644
--- a/sys/dev/rnd.c
+++ b/sys/dev/rnd.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: rnd.c,v 1.99 2008/12/15 06:00:38 djm Exp $	*/
+/*	$OpenBSD: rnd.c,v 1.100 2009/06/05 04:43:23 guenther Exp $	*/
 
 /*
  * rnd.c -- A strong random number generator
@@ -668,6 +668,10 @@ enqueue_randomness(int state, int val)
 	} else if (p->max_entropy)
 		nbits = 8 * sizeof(val) - 1;
 
+	/* given the multi-order delta logic above, this should never happen */
+	if (nbits >= 32)
+		return;
+
 	mtx_enter(&rndlock);
 	if ((rep = rnd_put()) == NULL) {
 		rndstats.rnd_drops++;
-- 
cgit v1.2.3