DragonFlyBSD Kernel Audit
DF-0222

csprng_get_random byte count signed int: huge u_int requests silently truncate to 0

Summary

csprng_get_random(..., int bytes, ...) (:127) is called from read_random(..., u_int nbytes, ...). When nbytes > INT_MAX, the conversion to int makes bytes negative, the while (bytes > 0) loop is skipped, and the function returns 0. The caller gets a silent short read. API hygiene.
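
A user-space model of the pattern in the summary, added here as an example and not DragonFlyBSD source: model_get_random, model_read_random and model_read_random_checked are hypothetical names, and the 0xA5 fill stands in for generator output. It assumes a two's-complement platform where converting a u_int above INT_MAX to int yields a negative value.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

#define CHUNK 16  /* constructed: bytes produced per loop pass */

/* Model of the flagged pattern: signed count, loop guarded by bytes > 0. */
static int model_get_random(uint8_t *out, int bytes)
{
    int total = 0;
    while (bytes > 0) {               /* negative count: never entered */
        int n = bytes < CHUNK ? bytes : CHUNK;
        for (int i = 0; i < n; i++)
            out[total + i] = 0xA5;    /* placeholder, not real randomness */
        total += n;
        bytes -= n;
    }
    return total;
}

/* Caller with an unsigned length, converted to int at the call. */
static int model_read_random(uint8_t *buf, unsigned int nbytes)
{
    return model_get_random(buf, (int)nbytes);   /* > INT_MAX goes negative */
}

/* Checked caller: out-of-range requests fail with -1 instead of returning 0. */
static int model_read_random_checked(uint8_t *buf, unsigned int nbytes)
{
    if (nbytes > (unsigned int)INT_MAX)
        return -1;
    return model_get_random(buf, (int)nbytes);
}

int main(void)
{
    uint8_t buf[64];
    unsigned int huge = (unsigned int)INT_MAX + 1u;

    printf("unchecked, 40 bytes: %d\n", model_read_random(buf, 40));
    printf("unchecked, huge:     %d\n", model_read_random(buf, huge));
    printf("checked,   huge:     %d\n", model_read_random_checked(buf, huge));
    return 0;
}
```

The unchecked path returns 0 for the oversized request without touching the buffer, which a caller cannot tell apart from a zero-length request; the checked path makes the rejection explicit.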