mirror of https://git.FreeBSD.org/src.git synced 2024-10-19 02:29:40 +00:00

Fortuna: fix a correctness issue in reseed (fortuna_pre_read)

'i' counts the number of pools included in the array 's'.  Passing 'i+1' to
reseed_internal() as the number of blocks in 's' is a bogus overrun of the
initialized portion of 's' -- technically UB.

I found this via code inspection, referencing §9.5.2 "Pools" of the Fortuna
chapter, but I would expect Coverity to notice the same issue.
Unfortunately, it doesn't appear to.

Reviewed by:	markm
Approved by:	secteam (gordon)
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D16985
Conrad Meyer 2018-10-26 20:55:01 +00:00
parent 070249043e
commit 9a88479843
Notes: svn2git 2020-12-20 02:59:44 +00:00
svn path=/head/; revision=339788

@ -408,7 +408,7 @@ random_fortuna_pre_read(void)
SDT_PROBE2(random, fortuna, event_processor, debug, fortuna_state.fs_reseedcount, fortuna_state.fs_pool);
#endif
/* FS&K */
random_fortuna_reseed_internal(s, i < RANDOM_FORTUNA_NPOOLS ? i + 1 : RANDOM_FORTUNA_NPOOLS);
random_fortuna_reseed_internal(s, i);
/* Clean up and secure */
explicit_bzero(s, sizeof(s));
explicit_bzero(temp, sizeof(temp));
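
Review bot: The call `random_fortuna_reseed_internal(s, i)` no longer carries the upper bound against RANDOM_FORTUNA_NPOOLS that the old conditional expression had, and the loop that sets `i` is outside this hunk, so nothing visible here shows that `i` cannot exceed the size of `s`. Since the commit message describes the old argument as an overrun of the initialized portion of `s`, I would make the invariant explicit at the call site: a KASSERT that `i <= RANDOM_FORTUNA_NPOOLS` just before the call, and a word added to the `/* FS&K */` comment saying that `i` is the number of pool entries actually written into `s`. That keeps a later change to the loop from silently reintroducing a mismatch between the count and the initialized entries.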