random: entropy: Fix invalid memory access
In sys_rand_get() if the entropy hardware unlikely return error, the fallgback is using the system timer to and fill the given buffer with that data. The problem what that k_cycle_get_32() returns a four bytes integer and depending the sizeof of the buffer we need copy the right amount of data. That was not being done properly leading to invalid read/write memory access. Fixes #26435 Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
This commit is contained in:
parent
2a706d9f20
commit
125080241d
1 changed files with 7 additions and 8 deletions
|
@ -85,16 +85,15 @@ static int rand_get(uint8_t *dst, size_t outlen, bool csrand)
|
|||
uint32_t blocksize = 4;
|
||||
|
||||
while (len < outlen) {
|
||||
random_num = k_cycle_get_32();
|
||||
if ((outlen-len) < sizeof(random_num)) {
|
||||
blocksize = len;
|
||||
(void)memcpy(&(dst[random_num]),
|
||||
&random_num, blocksize);
|
||||
} else {
|
||||
*((uint32_t *)&dst[len]) = random_num;
|
||||
size_t copylen = outlen - len;
|
||||
|
||||
if (copylen > blocksize) {
|
||||
copylen = blocksize;
|
||||
}
|
||||
|
||||
len += blocksize;
|
||||
random_num = k_cycle_get_32();
|
||||
(void)memcpy(&(dst[len]), &random_num, copylen);
|
||||
len += copylen;
|
||||
}
|
||||
}
|
||||
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue