colin/NetworkManager
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

core: use nm_utils_read_urandom() in nm_utils_secret_key_read()

Browse Source 
nm_utils_read_urandom() repeats on EINTR and repeats for partial reads.
This commit is contained in:
Thomas Haller
2016-06-03 15:07:43 +02:00
parent dcc8de16b2
commit 83d231776b
1 changed files with 11 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
src/nm-core-utils.c
View File

@@ -2847,34 +2847,28 @@ nm_utils_secret_key_read (gsize *out_key_len, GError **error)
key_len = 0; key_len = 0;
} }
} else { } else {
int urandom = open ("/dev/urandom", O_RDONLY); int r;
mode_t key_mask; mode_t key_mask;
if (urandom == -1) {
g_set_error (error, NM_UTILS_ERROR, NM_UTILS_ERROR_UNKNOWN,
"Can't open /dev/urandom: %s", strerror (errno));
key_len = 0;
goto out;
}
/* RFC7217 mandates the key SHOULD be at least 128 bits. /* RFC7217 mandates the key SHOULD be at least 128 bits.
* Let's use twice as much. */ * Let's use twice as much. */
key_len = 32; key_len = 32;
secret_key = g_malloc (key_len); secret_key = g_malloc (key_len);
r = nm_utils_read_urandom (secret_key, key_len);
if (r < 0) {
g_set_error (error, NM_UTILS_ERROR, NM_UTILS_ERROR_UNKNOWN,
"Can't read /dev/urandom: %s", strerror (-r));
key_len = 0;
goto out;
}
key_mask = umask (0077); key_mask = umask (0077);
if (read (urandom, secret_key, key_len) == key_len) { if (!g_file_set_contents (NMSTATEDIR "/secret_key", (char *) secret_key, key_len, error)) {
if (!g_file_set_contents (NMSTATEDIR "/secret_key", (char *) secret_key, key_len, error)) { g_prefix_error (error, "Can't write " NMSTATEDIR "/secret_key: ");
g_prefix_error (error, "Can't write " NMSTATEDIR "/secret_key: ");
key_len = 0;
}
} else {
g_set_error_literal (error, NM_UTILS_ERROR, NM_UTILS_ERROR_UNKNOWN,
"Could not obtain a secret");
key_len = 0; key_len = 0;
} }
umask (key_mask); umask (key_mask);
close (urandom);
} }
out: out: