diff options
| author | Nick Mathewson <nickm@torproject.org> | 2011-06-01 11:48:39 -0400 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2011-06-06 16:18:06 -0400 |
| commit | 5afab5ca197112b01135980d6cb3694a4519e3cf (patch) | |
| tree | 4f679018a0b12658796d3e3741e9feecbb7cc939 /src/common/crypto.c | |
| parent | 7aa20b20bffcbc4c9b4e3eb1c874616e1cab119f (diff) | |
| download | tor-5afab5ca197112b01135980d6cb3694a4519e3cf.tar.gz tor-5afab5ca197112b01135980d6cb3694a4519e3cf.zip | |
Check maximum properly in crypto_rand_int()
George Kadianakis notes that if you give crypto_rand_int() a value
above INT_MAX, it can return a negative number, which is not what
the documentation would imply.
The simple solution is to assert that the input is in [1,INT_MAX+1].
If in the future we need a random-value function that can return
values up to UINT_MAX, we can add one.
Fixes bug 3306; bugfix on 0.2.2pre14.
Diffstat (limited to 'src/common/crypto.c')
| -rw-r--r-- | src/common/crypto.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/src/common/crypto.c b/src/common/crypto.c index d8e6619c9f..851f11bf3b 100644 --- a/src/common/crypto.c +++ b/src/common/crypto.c @@ -2145,13 +2145,14 @@ crypto_rand(char *to, size_t n) } /** Return a pseudorandom integer, chosen uniformly from the values - * between 0 and <b>max</b>-1. */ + * between 0 and <b>max</b>-1 inclusive. <b>max</b> must be between 1 and + * INT_MAX+1, inclusive. */ int crypto_rand_int(unsigned int max) { unsigned int val; unsigned int cutoff; - tor_assert(max < UINT_MAX); + tor_assert(max <= ((unsigned int)INT_MAX)+1); tor_assert(max > 0); /* don't div by 0 */ /* We ignore any values that are >= 'cutoff,' to avoid biasing the |