89f6e24590
If rand32_xoroshiro128::z_impl_sys_rand_get is called with outlen not divisible by 4, it will overflow the dst buffer. This happens because blocksize is not changed from 4 to the difference between outlen and len. If outlen is < 4, z_impl_sys_rand_get will be stuck in an infinite loop that keeps writing random bytes outside the buffer. If outlen is > 4, z_impl_sys_rand_get returns after the correct number of loops, but it writes every byte to the buffer, not just outlen number of bytes. This causes the buffer to be overflowed with up to and including 3 bytes. Signed-off-by: Didrik Rokhaug <didrik.rokhaug@gmail.com> |
||
|---|---|---|
| .. | ||
| CMakeLists.txt | ||
| Kconfig | ||
| rand32_ctr_drbg.c | ||
| rand32_entropy_device.c | ||
| rand32_handlers.c | ||
| rand32_timer.c | ||
| rand32_xoroshiro128.c | ||