diff options
-rw-r--r-- | lib/rand.c | 4 | ||||
-rw-r--r-- | lib/socketpair.c | 14 |
2 files changed, 12 insertions, 6 deletions
diff --git a/lib/rand.c b/lib/rand.c index 9abb722d2..7d24765cc 100644 --- a/lib/rand.c +++ b/lib/rand.c @@ -183,8 +183,8 @@ static CURLcode randit(struct Curl_easy *data, unsigned int *rnd) } /* - * Curl_rand() stores 'num' number of random unsigned integers in the buffer - * 'rndptr' points to. + * Curl_rand() stores 'num' number of random unsigned characters in the buffer + * 'rnd' points to. * * If libcurl is built without TLS support or with a TLS backend that lacks a * proper random API (rustls, Gskit or mbedTLS), this function will use "weak" diff --git a/lib/socketpair.c b/lib/socketpair.c index b94c9843e..7ee0fbc1f 100644 --- a/lib/socketpair.c +++ b/lib/socketpair.c @@ -24,6 +24,8 @@ #include "curl_setup.h" #include "socketpair.h" +#include "urldata.h" +#include "rand.h" #if !defined(HAVE_SOCKETPAIR) && !defined(CURL_DISABLE_SOCKETPAIR) #ifdef WIN32 @@ -125,13 +127,17 @@ int Curl_socketpair(int domain, int type, int protocol, if(socks[1] == CURL_SOCKET_BAD) goto error; else { - struct curltime check; struct curltime start = Curl_now(); - char *p = (char *)✓ + char rnd[9]; + char check[sizeof(rnd)]; + char *p = &check[0]; size_t s = sizeof(check); + if(Curl_rand(NULL, (unsigned char *)rnd, sizeof(rnd))) + goto error; + /* write data to the socket */ - swrite(socks[0], &start, sizeof(start)); + swrite(socks[0], rnd, sizeof(rnd)); /* verify that we read the correct data */ do { ssize_t nread; @@ -168,7 +174,7 @@ int Curl_socketpair(int domain, int type, int protocol, p += nread; continue; } - if(memcmp(&start, &check, sizeof(check))) + if(memcmp(rnd, check, sizeof(check))) goto error; break; } while(1); |