From: nia Date: Thu, 30 Apr 2020 13:43:04 +0000 (+0100) Subject: rand_unix.c: Ensure requests to KERN_ARND don't exceed 256 bytes. X-Git-Tag: openssl-3.0.0-alpha2~93 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=7421f085005e0d7a1dd2fe61b991ff23cef91c22;p=oweals%2Fopenssl.git rand_unix.c: Ensure requests to KERN_ARND don't exceed 256 bytes. Requests for more than 256 bytes will fail. Reviewed-by: Paul Dale Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11689)
---
diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c
index c9ee01f1b1..081ffca908 100644
--- a/crypto/rand/rand_unix.c
+++ b/crypto/rand/rand_unix.c
@@ -250,7 +250,7 @@ static ssize_t sysctl_random(char *buf, size_t buflen)
 mib[1] = KERN_ARND;
 do {
- len = buflen;
+ len = buflen > 256 ? 256 : buflen;
 if (sysctl(mib, 2, buf, &len, NULL, 0) == -1)
 return done > 0 ? done : -1;
 done += len;
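Review bot: The 256-byte cap in `len = buflen > 256 ? 256 : buflen;` is a bare literal with no comment, so a later cleanup could restore `len = buflen` and bring back the failing request for larger entropy reads. I would add `/* KERN_ARND rejects requests larger than 256 bytes, so read in chunks */` above that line, or give the limit a name. Separately, `done += len` trusts the length that sysctl() writes back; if a call ever succeeded with `len == 0` the loop would presumably make no progress, but the loop's tail and its condition lie outside the hunk, so this needs checking against the full function. Callers also still receive a short count from `return done > 0 ? done : -1;` when a later chunk fails, which is worth stating in the function's header comment since the result feeds the random seed.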