diff options
| author | Nick Mathewson <nickm@torproject.org> | 2011-06-01 11:48:39 -0400 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2011-06-06 16:18:06 -0400 |
| commit | 5afab5ca197112b01135980d6cb3694a4519e3cf (patch) | |
| tree | 4f679018a0b12658796d3e3741e9feecbb7cc939 /changes | |
| parent | 7aa20b20bffcbc4c9b4e3eb1c874616e1cab119f (diff) | |
| download | tor-5afab5ca197112b01135980d6cb3694a4519e3cf.tar tor-5afab5ca197112b01135980d6cb3694a4519e3cf.tar.gz | |
Check maximum properly in crypto_rand_int()
George Kadianakis notes that if you give crypto_rand_int() a value
above INT_MAX, it can return a negative number, which is not what
the documentation would imply.
The simple solution is to assert that the input is in [1,INT_MAX+1].
If in the future we need a random-value function that can return
values up to UINT_MAX, we can add one.
Fixes bug 3306; bugfix on 0.2.2pre14.
Diffstat (limited to 'changes')
| -rw-r--r-- | changes/bug3306 | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/changes/bug3306 b/changes/bug3306 new file mode 100644 index 000000000..b1bb1035c --- /dev/null +++ b/changes/bug3306 @@ -0,0 +1,5 @@ + o Minor bugfixes: + - Make our crypto_rand_int() function check the value of its input + correctly. Previously, it accepted values up to UINT_MAX, but + could return a negative number if given a value above INT_MAX+1. + Found by George Kadianakis. Fixes bug 3306; bugfix on 0.2.2pre14. |