Subject: bin/17734: Bug in rndctl command
To: None <gnats-bugs@gnats.netbsd.org>
From: None <dorsey@lila.com>
List: netbsd-bugs
Date: 07/26/2002 16:23:06
>Number:         17734
>Category:       bin
>Synopsis:       Cannot specify a device to rndctl with -t command
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Fri Jul 26 16:24:00 PDT 2002
>Closed-Date:
>Last-Modified:
>Originator:     Bill Dorsey
>Release:        NetBSD 1.5.3 (and earlier releases including 1.5.2)
>Organization:
>Environment:
System: NetBSD lila.com 1.5.3 NetBSD 1.5.3 (LILA) #0: Wed Jul 24 15:04:12 PDT 2002 spam@lila.com:/usr/src/sys/arch/sparc/compile/LILA sparc
Architecture: sparc, alpha
Machine: sparc
>Description:
Rndctl uses several flag variables which get set depending on which
arguments a user passes to the program.  Around line 240 of rndctl.c,
the flags lflag, mflag, and sflag are declared.  A few lines later,
lflag and mflag are initialized to zero, but sflag is NOT initialized
to zero.  If rndctl is called with the arguments "-ce -t net", the
mflag is set.  Then, around line 306, the following code appears:

        if ((lflag != 0 || sflag != 0) && mflag != 0)
                usage();

This code _should_ be skipped (because both lflag and sflag should
be zero when rndctl is called with the arguments specified above).
However, on two platforms I've tested on (sparc, alpha), the sflag
variable contains garbage because it is an UNINITIALIZED AUTOMATIC
VARIABLE.  As a result, the usage information is printed and
rndctl exits with an error.

This prevents users from adding additional sources of entropy
to the random number generator.  As a result, true random numbers
are generated more slowly which adversely affects programs that
require them like ssh, ssl, etc.

>How-To-Repeat:
lila# rndctl -ce -t net
usage: rndctl -CEce [-t devtype] [-d devname]
       rndctl -l [-t devtype] [-d devname]

>Fix:

Add a line below where lflag and mflag are initialized to zero (around
line 250) to initialize sflag to zero as well.  Here are the diffs:

Index: rndctl.c
===================================================================
RCS file: /cvsroot/basesrc/sbin/rndctl/rndctl.c,v
retrieving revision 1.6
diff -r1.6 rndctl.c
1c1
< /*    $NetBSD: rndctl.c,v 1.5 1999/03/30 17:32:44 mycroft Exp $       */
---
> /*    $NetBSD: rndctl.c,v 1.6 2000/06/20 02:40:10 sommerfeld Exp $    */
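Review bot: the 1c1 hunk touches only the $NetBSD$ RCS ident line, which is keyword expansion and not part of the fix. Drop it from the patch so the submission carries just the sflag change and does not conflict with the ident of whichever revision it is applied to.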
251a252
>       sflag = 0;
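Review bot: the added `sflag = 0;` at line 252 has no surrounding context in this diff format, so it cannot be confirmed from the patch alone that it sits next to the lflag and mflag initializations and ahead of the `(lflag != 0 || sflag != 0) && mflag != 0` check. Please resend as a unified diff (diff -u) so the placement is visible. Also consider initializing all three flags in one place, or at their declaration, so a flag added later is not missed the same way.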
>Release-Note:
>Audit-Trail:
>Unformatted: