diff options
author | Daniel Stenberg <daniel@haxx.se> | 2023-04-24 14:14:11 +0200 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2023-04-25 17:40:15 +0200 |
commit | a97e4eb95f86adb6043a3388250f34841440981e (patch) | |
tree | 0d530b404750e35bfa47e4da1b8a8828671c77cb | |
parent | 2079cb26a19049803ceabce8bab18f7791450c08 (diff) | |
download | curl-a97e4eb95f86adb6043a3388250f34841440981e.tar.gz |
socketpair: verify with a random value
... instead of using the curl time struct, since it would use a few
uninitialized bytes and the sanitizers would complain. This is a neater
approach I think.
Reported-by: Boris Kuschel
Fixes #10993
Closes #11015
-rw-r--r-- | lib/rand.c | 4 | ||||
-rw-r--r-- | lib/socketpair.c | 14 |
2 files changed, 12 insertions, 6 deletions
diff --git a/lib/rand.c b/lib/rand.c index 9abb722d2..7d24765cc 100644 --- a/lib/rand.c +++ b/lib/rand.c @@ -183,8 +183,8 @@ static CURLcode randit(struct Curl_easy *data, unsigned int *rnd) } /* - * Curl_rand() stores 'num' number of random unsigned integers in the buffer - * 'rndptr' points to. + * Curl_rand() stores 'num' number of random unsigned characters in the buffer + * 'rnd' points to. * * If libcurl is built without TLS support or with a TLS backend that lacks a * proper random API (rustls, Gskit or mbedTLS), this function will use "weak" diff --git a/lib/socketpair.c b/lib/socketpair.c index b94c9843e..7ee0fbc1f 100644 --- a/lib/socketpair.c +++ b/lib/socketpair.c @@ -24,6 +24,8 @@ #include "curl_setup.h" #include "socketpair.h" +#include "urldata.h" +#include "rand.h" #if !defined(HAVE_SOCKETPAIR) && !defined(CURL_DISABLE_SOCKETPAIR) #ifdef WIN32 @@ -125,13 +127,17 @@ int Curl_socketpair(int domain, int type, int protocol, if(socks[1] == CURL_SOCKET_BAD) goto error; else { - struct curltime check; struct curltime start = Curl_now(); - char *p = (char *)✓ + char rnd[9]; + char check[sizeof(rnd)]; + char *p = &check[0]; size_t s = sizeof(check); + if(Curl_rand(NULL, (unsigned char *)rnd, sizeof(rnd))) + goto error; + /* write data to the socket */ - swrite(socks[0], &start, sizeof(start)); + swrite(socks[0], rnd, sizeof(rnd)); /* verify that we read the correct data */ do { ssize_t nread; @@ -168,7 +174,7 @@ int Curl_socketpair(int domain, int type, int protocol, p += nread; continue; } - if(memcmp(&start, &check, sizeof(check))) + if(memcmp(rnd, check, sizeof(check))) goto error; break; } while(1); |