splatink/lbmk
1
0
Fork 0
mirror of https://codeberg.org/libreboot/lbmk.git synced 2026-03-25 13:29:03 +02:00
Code Issues Packages Projects Releases Wiki Activity

nvmutil: new urandom fd every time (rlong)

Browse Source 
otherwise, a stale descriptor could be manipulated
easily by an attacker over time

very theoretical to be honest

Signed-off-by: Leah Rowe <leah@libreboot.org>
This commit is contained in:
Leah Rowe
2026-03-18 04:18:58 +00:00
parent fb9e660367
commit 7d5384ebb0
1 changed files with 8 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
util/nvmutil/nvmutil.c
View File

@@ -992,7 +992,7 @@ rlong(void)
static unsigned long mix = 0; static unsigned long mix = 0;
static unsigned long counter = 0; static unsigned long counter = 0;
static int fd = -1; int fd = -1;
struct x_st_timeval tv; struct x_st_timeval tv;
@@ -1055,6 +1055,9 @@ rlong(void)
sizeof(unsigned long), 0, IO_READ, LOOP_EAGAIN, sizeof(unsigned long), 0, IO_READ, LOOP_EAGAIN,
LOOP_EINTR, MAX_ZERO_RW_RETRY, OFF_ERR); LOOP_EINTR, MAX_ZERO_RW_RETRY, OFF_ERR);
if (x_i_close(fd) < 0)
err(errno, "Can't close randomness fd");
if (nr == sizeof(unsigned long)) if (nr == sizeof(unsigned long))
return rval; return rval;
@@ -3095,11 +3098,15 @@ int
x_i_close(int fd) x_i_close(int fd)
{ {
int r; int r;
int saved_errno = errno;
do { do {
r = close(fd); r = close(fd);
} while (r == -1 && errno == EINTR); } while (r == -1 && errno == EINTR);
if (r > -1)
errno = saved_errno;
return r; return r;
} }