Make UUID generation failable

Previously, this would always succeed, but might use
weak random numbers in rare failure cases. I don't think
these UUIDs are security-sensitive, but if they're generated
by a PRNG as weak as rand() (<= 32 bits of entropy), we
certainly can't claim that they're universally unique.

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90414
Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>
[smcv: document @error]
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>

1 files changed, 5 insertions, 3 deletions

diff --git a/dbus/dbus-internals.h b/dbus/dbus-internals.h
index 225a9b66..3eb8749f 100644
--- a/dbus/dbus-internals.h
+++ b/dbus/dbus-internals.h
@@ -389,8 +389,9 @@ union DBusGUID
   char as_bytes[DBUS_UUID_LENGTH_BYTES];                /**< guid as 16 single-byte values */
 };
 
-DBUS_PRIVATE_EXPORT
-void        _dbus_generate_uuid  (DBusGUID         *uuid);
+DBUS_PRIVATE_EXPORT _DBUS_GNUC_WARN_UNUSED_RESULT
+dbus_bool_t _dbus_generate_uuid  (DBusGUID         *uuid,
+                                  DBusError        *error);
 DBUS_PRIVATE_EXPORT
 dbus_bool_t _dbus_uuid_encode    (const DBusGUID   *uuid,
                                   DBusString       *encoded);
@@ -403,7 +404,8 @@ dbus_bool_t _dbus_write_uuid_file (const DBusString *filename,
                                    const DBusGUID   *uuid,
                                    DBusError        *error);
 
-dbus_bool_t _dbus_get_local_machine_uuid_encoded (DBusString *uuid_str);
+dbus_bool_t _dbus_get_local_machine_uuid_encoded (DBusString *uuid_str,
+                                                  DBusError  *error);
 
 #define _DBUS_PASTE2(a, b) a ## b
 #define _DBUS_PASTE(a, b) _DBUS_PASTE2 (a, b)