fix: close all /dev/urandom open fds (aws#4835)
boquan-fang authored Oct 29, 2024
1 parent b8c463b commit 9f4baec
Showing 4 changed files with 11 additions and 3 deletions.
2 changes: 2 additions & 0 deletions tests/unit/s2n_drbg_test.c
Expand Up @@ -296,7 +296,9 @@ int check_drgb_version(s2n_drbg_mode mode, int (*generator)(void *, uint32_t), i
POSIX_GUARD(s2n_stuffer_read(&personalization, &personalization_string));

/* Over-ride the entropy sources */
POSIX_GUARD_RESULT(s2n_rand_cleanup());
POSIX_GUARD(s2n_rand_set_callbacks(nist_fake_entropy_init_cleanup, nist_fake_entropy_init_cleanup, generator, generator));
POSIX_GUARD_RESULT(s2n_rand_init());

/* Instantiate the DRBG */
POSIX_GUARD_RESULT(s2n_drbg_instantiate(&nist_drbg, &personalization_string, mode));
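Review bot: The new `s2n_rand_cleanup()` / `s2n_rand_init()` pair around `s2n_rand_set_callbacks()` is order-sensitive, and nothing in the hunk says why. Judging by the commit title, the cleanup has to run while the previous callbacks are still installed so that the /dev/urandom fd they opened is closed before the fake entropy callbacks replace them; swapping the two lines would presumably bring the leak back silently. I would extend the existing comment to something like `/* Over-ride the entropy sources: clean up first so the current callbacks close their /dev/urandom fd, then re-init with the fake ones */`. The same three-call sequence is added in tests/unit/s2n_override_openssl_random_test.c and deserves the same comment. check_drgb_version starts and ends outside the hunk.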
3 changes: 1 addition & 2 deletions tests/unit/s2n_fork_generation_number_test.c
Expand Up @@ -189,8 +189,7 @@ static int s2n_unit_test_clone_child_process(void *parent_process_fgn)
/* Verify in threads */
EXPECT_EQUAL(s2n_unit_test_thread(return_fork_generation_number), S2N_SUCCESS);

/* This translates to the exit code for this child process */
return EXIT_SUCCESS;
exit(EXIT_SUCCESS);
}

#define PROCESS_CHILD_STACK_SIZE (1024 * 1024) /* Suggested by clone() man page... */
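Review bot: The switch from `return EXIT_SUCCESS;` to `exit(EXIT_SUCCESS);` at the end of `s2n_unit_test_clone_child_process` drops the only comment on that line and leaves the reason for calling `exit()` unstated. Unlike returning from the clone callback, `exit()` runs the registered atexit handlers and flushes stdio buffers inherited from the parent, which is presumably the intent (letting library cleanup close the child's /dev/urandom fd) but also means buffered test output can be written twice. A comment such as `/* exit() instead of return so atexit cleanup runs in the child and closes its /dev/urandom fd */` would record that, once confirmed. It is also worth checking that the clone flags used by the caller, which are outside this hunk, do not share memory with the parent, since running exit handlers in a shared address space would affect the parent too. The function begins outside the hunk.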
3 changes: 3 additions & 0 deletions tests/unit/s2n_override_openssl_random_test.c
Expand Up @@ -100,7 +100,10 @@ int main(int argc, char **argv)
/* Set s2n_random to use a new fixed DRBG to test that other known answer tests with s2n_random and OpenSSL are deterministic */
EXPECT_OK(s2n_stuffer_alloc_from_hex(&test_entropy, reference_entropy_hex));
struct s2n_drbg drbg;

POSIX_GUARD_RESULT(s2n_rand_cleanup());
EXPECT_SUCCESS(s2n_rand_set_callbacks(s2n_entropy_init_cleanup, s2n_entropy_init_cleanup, s2n_entropy_generator, s2n_entropy_generator));
POSIX_GUARD_RESULT(s2n_rand_init());

s2n_stack_blob(personalization_string, 32, 32);
EXPECT_OK(s2n_drbg_instantiate(&drbg, &personalization_string, S2N_AES_256_CTR_NO_DF_PR));
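Review bot: The two added calls use `POSIX_GUARD_RESULT` inside `main`, while every neighbouring call in this hunk goes through the test macros (`EXPECT_OK`, `EXPECT_SUCCESS`). A guard macro returns from the enclosing function on error, so a failing `s2n_rand_cleanup()` or `s2n_rand_init()` would presumably end the test with a bare non-zero exit status instead of a reported expectation failure. Suggest `EXPECT_OK(s2n_rand_cleanup());` and `EXPECT_OK(s2n_rand_init());`, matching the `EXPECT_OK` already used for the other result-returning calls here. main's body continues outside the hunk.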
6 changes: 5 additions & 1 deletion tests/unit/s2n_random_test.c
Expand Up @@ -840,9 +840,13 @@ static int s2n_random_invalid_urandom_fd_cb(struct random_test_case *test_case)

EXPECT_TRUE(dev_urandom->fd > STDERR_FILENO);
if (test == 0) {
/* Close the file descriptor. */
/* Test 0 tests for closed dev_urandom fd */
EXPECT_EQUAL(close(dev_urandom->fd), 0);
} else {
/* Test 1 tests for invalid value for dev_urandom.
* Needs to close the previously set dev_urandom fd
* before making it invalid. */
EXPECT_EQUAL(close(dev_urandom->fd), 0);
/* Make the file descriptor invalid by pointing it to STDERR. */
dev_urandom->fd = STDERR_FILENO;
}
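Review bot: Both branches of `if (test == 0)` now start with the same `EXPECT_EQUAL(close(dev_urandom->fd), 0);`, so the close can be hoisted above the `if` and the branch reduced to `if (test != 0) { dev_urandom->fd = STDERR_FILENO; }`. That keeps the rule of always releasing the real fd first in one place and makes it harder for a future test case to reintroduce the leak. Separately, in the second case `dev_urandom->fd` aliases stderr, so any later cleanup that closes `dev_urandom->fd` would close stderr; the code after the hunk is not visible here, so this should be confirmed. The function starts and ends outside the hunk.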
