diff options
author | Thomas Haller <thaller@redhat.com> | 2016-06-03 15:07:43 +0200 |
---|---|---|
committer | Thomas Haller <thaller@redhat.com> | 2016-06-30 08:29:54 +0200 |
commit | 83d231776b71b12103c2fbebfb29b052f796c87e (patch) | |
tree | ba7c0f7cbf7211b43f6c30477b3adddeb493521e | |
parent | dcc8de16b2acc43b2a9155fcfb91fa2602f3a401 (diff) | |
download | NetworkManager-83d231776b71b12103c2fbebfb29b052f796c87e.tar.gz |
core: use nm_utils_read_urandom() in nm_utils_secret_key_read()
nm_utils_read_urandom() repeats on EINTR and repeats for partial reads.
-rw-r--r-- | src/nm-core-utils.c | 28 |
1 files changed, 11 insertions, 17 deletions
diff --git a/src/nm-core-utils.c b/src/nm-core-utils.c index 0a913e9c8e..bb15ca387a 100644 --- a/src/nm-core-utils.c +++ b/src/nm-core-utils.c @@ -2847,34 +2847,28 @@ nm_utils_secret_key_read (gsize *out_key_len, GError **error) key_len = 0; } } else { - int urandom = open ("/dev/urandom", O_RDONLY); + int r; mode_t key_mask; - if (urandom == -1) { - g_set_error (error, NM_UTILS_ERROR, NM_UTILS_ERROR_UNKNOWN, - "Can't open /dev/urandom: %s", strerror (errno)); - key_len = 0; - goto out; - } - /* RFC7217 mandates the key SHOULD be at least 128 bits. * Let's use twice as much. */ key_len = 32; secret_key = g_malloc (key_len); + r = nm_utils_read_urandom (secret_key, key_len); + if (r < 0) { + g_set_error (error, NM_UTILS_ERROR, NM_UTILS_ERROR_UNKNOWN, + "Can't read /dev/urandom: %s", strerror (-r)); + key_len = 0; + goto out; + } + key_mask = umask (0077); - if (read (urandom, secret_key, key_len) == key_len) { - if (!g_file_set_contents (NMSTATEDIR "/secret_key", (char *) secret_key, key_len, error)) { - g_prefix_error (error, "Can't write " NMSTATEDIR "/secret_key: "); - key_len = 0; - } - } else { - g_set_error_literal (error, NM_UTILS_ERROR, NM_UTILS_ERROR_UNKNOWN, - "Could not obtain a secret"); + if (!g_file_set_contents (NMSTATEDIR "/secret_key", (char *) secret_key, key_len, error)) { + g_prefix_error (error, "Can't write " NMSTATEDIR "/secret_key: "); key_len = 0; } umask (key_mask); - close (urandom); } out: |