classification
Title: undefined array passed to CryptGenRandomBytes
Type:
Stage:
Components: Interpreter Core
Versions: Python 3.0, Python 2.6, Python 2.5
process
Status: closed
Resolution: fixed
Dependencies:
Superseder:
Assigned To: amaury.forgeotdarc
Nosy List: amaury.forgeotdarc, kristjan.jonsson
Priority: normal
Keywords: easy, patch

Created on 2008-07-16 22:59 by kristjan.jonsson, last changed 2008-07-21 21:14 by amaury.forgeotdarc. This issue is now closed.

Files
File name | Uploaded | Description
tmp6.patch | kristjan.jonsson, 2008-07-16 22:59 | patch for issue
Messages (2)
msg69853 - Author: Kristján Valur Jónsson (kristjan.jonsson) (Python committer) Date: 2008-07-16 22:59
The CryptGenRandomBytes uses whatever data is already in the buffer as 
seed for the output.  So, the buffer is effectively an in/out buffer.  
Now, since we are generating random data anyway, the fact that we are 
using an undefined seed for the data shouldn't matter.  However, this 
does create a bunch of false positives for analysis tools such as 
Purify, that track the copying and usage of uninitialized data.
An easy patch is to clear the buffer before submitting it to 
CryptGenRandomBytes, and is attached.
msg70118 - Author: Amaury Forgeot d'Arc (amaury.forgeotdarc) (Python committer) Date: 2008-07-21 21:14
Committed as r65174 and r65175. 
(for trunk, I had to change PyBytes_AS_STRING into PyString_AS_STRING)
Thanks!
History
Date | User | Action | Args
2008-07-21 21:14:57 | amaury.forgeotdarc | set | status: open -> closed
    keywords: patch, patch, easy
    resolution: fixed
    messages: + msg70118
2008-07-21 13:04:25 | amaury.forgeotdarc | set | keywords: patch, patch, easy
    assignee: amaury.forgeotdarc
    nosy: + amaury.forgeotdarc
2008-07-16 22:59:42 | kristjan.jonsson | create |