romenskiy2012/curl
1
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2026-04-14 22:31:41 +03:00
Code Issues Projects Releases Packages Wiki Activity

socketpair: verify with a random value

Browse source 
... instead of using the curl time struct, since it would use a few
uninitialized bytes and the sanitizers would complain. This is a neater
approach I think.

Reported-by: Boris Kuschel
Fixes #10993
Closes #11015
This commit is contained in:
Daniel Stenberg 2023-04-24 14:14:11 +02:00
parent 2079cb26a1
commit a97e4eb95f
No known key found for this signature in database
GPG key ID: 5CC908FDB71E12C2
2 changed files with 12 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

4
lib/rand.c
View file

@ -183,8 +183,8 @@ static CURLcode randit(struct Curl_easy *data, unsigned int *rnd)
}
/*
* Curl_rand() stores 'num' number of random unsigned integers in the buffer
* 'rndptr' points to.
* Curl_rand() stores 'num' number of random unsigned characters in the buffer
* 'rnd' points to.
*
* If libcurl is built without TLS support or with a TLS backend that lacks a
* proper random API (rustls, Gskit or mbedTLS), this function will use "weak"