Bug 24826 - Test for getentropy() accidentally succeeding
Summary: Test for getentropy() accidentally succeeding
Status: UNCONFIRMED
Alias: None
Product: glibc
Classification: Unclassified
Component: libc
Version: unspecified
Importance: P2 minor
Target Milestone: ---
Assignee: Not yet assigned to anyone
 
Reported: 2019-07-18 22:06 UTC by Olivier Gayot
Modified: 2019-08-01 05:11 UTC

fweimer: security-


Attachments
Patch for getentropy test (704 bytes, patch)
2019-07-18 22:06 UTC, Olivier Gayot

Description Olivier Gayot 2019-07-18 22:06:00 UTC
Created attachment 11913
Patch for getentropy test

Good evening.

While reading the source code, I've realized that one test meant to detect a defect in the getentropy() function always succeeds by accident.

This happens because of an incorrect use of parentheses at the following line in the current master branch:

  tst-getrandom.c:192:  if (memcmp (buf, buf2, sizeof (buf) == 0))

This comparison always evaluates to true and the original intent was obviously to compare the result of memcmp(...) to 0.

This test was added in 2016 in the following commit:

    commit 92dcaa3e2f7bf0f7f1c04cd2fb6a317df1a4e225
    Author: Florian Weimer <fweimer@redhat.com>
    Date:   Mon Dec 12 17:28:03 2016 +0100

    Add getentropy, getrandom, <sys/random.h> [BZ #17252]

I'm attaching a patch fixing this test.

Kind regards,
Olivier
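
Added example, not part of the original report or of glibc: a small C program that evaluates the condition quoted from tst-getrandom.c:192 next to the intended one, on constructed buffers. The buffer size, fill values and function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the test's buffers; the size is an assumption. */
typedef struct { unsigned char bytes[32]; } sample;

/* Condition as quoted in the report: "== 0" sits inside the length argument,
   so the length is the int value of (sizeof == 0), which is 0.  memcmp then
   compares zero bytes and returns 0 whatever the buffers contain. */
static int cond_as_written(const sample *buf, const sample *buf2)
{
    return memcmp(buf->bytes, buf2->bytes, sizeof(buf->bytes) == 0) != 0;
}

/* Intended condition: compare the full buffers, then test the result. */
static int cond_intended(const sample *buf, const sample *buf2)
{
    return memcmp(buf->bytes, buf2->bytes, sizeof(buf->bytes)) == 0;
}

/* Fill two buffers with the given bytes and evaluate one of the conditions. */
static int run_case(unsigned char first, unsigned char second, int intended)
{
    sample a, b;
    memset(a.bytes, first, sizeof(a.bytes));
    memset(b.bytes, second, sizeof(b.bytes));
    return intended ? cond_intended(&a, &b) : cond_as_written(&a, &b);
}

int main(void)
{
    /* Two calls returning identical bytes: the case the check should flag. */
    printf("identical: as written=%d intended=%d\n",
           run_case(0xAA, 0xAA, 0), run_case(0xAA, 0xAA, 1));
    /* Two calls returning different bytes: the healthy case. */
    printf("different: as written=%d intended=%d\n",
           run_case(0xAA, 0x55, 0), run_case(0xAA, 0x55, 1));
    return 0;
}
```

Only the intended condition changes with the buffer contents; the quoted one yields the same value in both cases. Clang reports this pattern under -Wmemsize-comparison.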