Project

General

Profile

Actions

Bug #10053

closed

OpenSSL: incorrect return value check of EGD functions

Added by cremno (cremno phobia) over 7 years ago. Updated over 5 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Target version:
-
ruby -v:
all
[ruby-core:63795]

Description

https://www.openssl.org/docs/crypto/RAND_egd.html#RETURN_VALUE

diff --git a/ext/openssl/ossl_rand.c b/ext/openssl/ossl_rand.c
index 270a4b7..a9188bc 100644
--- a/ext/openssl/ossl_rand.c
+++ b/ext/openssl/ossl_rand.c
@@ -135,7 +135,7 @@ ossl_rand_egd(VALUE self, VALUE filename)
 {
     SafeStringValue(filename);

-    if(!RAND_egd(RSTRING_PTR(filename))) {
+    if (RAND_egd(RSTRING_PTR(filename)) == -1) {
    ossl_raise(eRandomError, NULL);
     }
     return Qtrue;
@@ -153,7 +153,7 @@ ossl_rand_egd_bytes(VALUE self, VALUE filename, VALUE len)

     SafeStringValue(filename);

-    if (!RAND_egd_bytes(RSTRING_PTR(filename), n)) {
+    if (RAND_egd_bytes(RSTRING_PTR(filename), n) == -1) {
    ossl_raise(eRandomError, NULL);
     }
     return Qtrue;

Maybe an error message (e.g. "EGD connection failed or not enough data returned to fully seed the PRNG") should also be added.

Actions

Also available in: Atom PDF