From 18e95daa6bad720e93a2e4f9c81b63d5633561a6 Mon Sep 17 00:00:00 2001 From: Ludvig Michaelsson Date: Mon, 7 Oct 2024 11:11:03 +0200 Subject: [PATCH] random: unpoison buffer after arc4random_buf() MSAN does not realise that the iv buffer for aes256_cbc_fips() is in fact initialized by this function call. This path and subsequent use of the "uninitialised" value was hit when upgrading to Ubuntu 24.04 (which ships a version of glibc that implements arc4random_buf()). --- src/random.c | 10 ++++++++++ src/u2f.c | 2 +- 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/src/random.c b/src/random.c index 9688d35c..6f7ad2d1 100644 --- a/src/random.c +++ b/src/random.c @@ -16,6 +16,13 @@ #include #endif +#if defined(__has_feature) +# if __has_feature(memory_sanitizer) +# include +# define WITH_MSAN 1 +# endif +#endif + #include "fido.h" #if defined(_WIN32) @@ -45,6 +52,9 @@ int fido_get_random(void *buf, size_t len) { arc4random_buf(buf, len); +#ifdef WITH_MSAN + __msan_unpoison(buf, len); /* XXX */ +#endif return (0); } #elif defined(HAVE_GETRANDOM) diff --git a/src/u2f.c b/src/u2f.c index 2620a2eb..9a370f8b 100644 --- a/src/u2f.c +++ b/src/u2f.c @@ -931,7 +931,7 @@ u2f_get_touch_status(fido_dev_t *dev, int *touched, int *ms) if ((reply_len = fido_rx(dev, CTAP_CMD_MSG, reply, FIDO_MAXMSG, ms)) < 2) { fido_log_debug("%s: fido_rx", __func__); - r = FIDO_OK; /* ignore */ + r = *ms != 0 ? FIDO_OK : FIDO_ERR_INTERNAL; /* ignore */ goto out; }