From 9271157304dbd707f87343df0106c3465b50d6a1 Mon Sep 17 00:00:00 2001
From: Richard Ipsum <richardipsum@fastmail.co.uk>
Date: Mon, 5 Jun 2017 18:32:27 +0100
Subject: Harden reading from /dev/urandom

Guard against short reads.
---
 luascrypt.c | 28 +++++++++++++++++++++++++---
 1 file changed, 25 insertions(+), 3 deletions(-)

diff --git a/luascrypt.c b/luascrypt.c
index 9fad808..11ae799 100644
--- a/luascrypt.c
+++ b/luascrypt.c
@@ -26,7 +26,9 @@ static void
 luascrypt_salt_gen(char *salt, int saltlen)
 {
 	int fd;
-	/* We'd go with libscrypt's implementation, but since libscrypt's salt
+	/* Following comment applies to libscrypt prior to 1.21:
+	 *
+	 * We'd go with libscrypt's implementation, but since libscrypt's salt
 	 * generation is time based, we cannot fully trust it to generate
 	 * unique salts so to improve our chances we assume we have urandom
 	 * and fall back to libscrypt's implementation if we don't.  Since the
@@ -37,8 +39,28 @@ luascrypt_salt_gen(char *salt, int saltlen)
 
 	fd = open("/dev/urandom", O_RDONLY);
 	if (fd >= 0) {
-		read(fd, salt, saltlen); /* Ignore errors in these two calls */
-		close(fd);               /* Since we have our fallback.      */
+		size_t total = 0;
+		ssize_t n;
+
+		while (total < saltlen) {
+			n = read(fd, salt + total, saltlen - total);
+			if (n == 0) {
+				break;
+			}
+
+			if (n == -1) {
+				if (errno == EINTR) {
+					continue; 	/* just try again */
+				}
+
+				/* Ignore all other errors, since we have our fallback. */
+				break;
+			}
+
+			total += n;
+		}
+
+		close(fd);
 	}
 }
 
-- 
cgit v1.2.1