Fix assertions inside read_{u32,u64}_into #1096
Conversation
Unless I'm mistaken the size multiplier was on the wrong side, making the assertions too permissive. This could have resulted in destination buffers not being fully populated.
|
No, the asserts are correct. |
|
That doesn't make sense to me. |
|
Also this code was changed from the macro: macro_rules! read_slice {
($src:expr, $dst:expr, $size:expr, $which:ident) => {{
assert_eq!($src.len(), $size * $dst.len());
unsafe {
ptr::copy_nonoverlapping(
$src.as_ptr(),
$dst.as_mut_ptr() as *mut u8,
$src.len());
}
for v in $dst.iter_mut() {
*v = v.$which();
}
}};
}Note that |
|
Yikes, good catch! This potentially affects seeding of Xoshiro128++, 256++, PCG, and HC128 generators. The HC128 generator is even declared as a crypto generator: impl CryptoRng for Hc128Core {}So, how do we handle this?
Can I ask you to add a changelog entry and bump |
Sure, done. |
|
Fixed version published; thanks @tmandry. I'll let the Rust advisory team decide how to deal with the rest. |
``` error[A001]: Incorrect check on buffer length when seeding RNGs ┌─ /home/lopopolo/dev/artichoke/rand_mt/Cargo.lock:13:1 │ 13 │ rand_core 0.6.1 registry+https://github.com/rust-lang/crates.io-index │ --------------------------------------------------------------------- security vulnerability detected │ = ID: RUSTSEC-2021-0023 = Advisory: https://rustsec.org/advisories/RUSTSEC-2021-0023 = Summary: rand_core::le::read_u32_into and read_u64_into have incorrect checks on the source buffer length, allowing the destination buffer to be under-filled. Implications: some downstream RNGs, including Hc128Rng (but not the more widely used ChaCha*Rng), allow seeding using the SeedableRng::from_seed trait-function with too short keys. = Announcement: rust-random/rand#1096 = Solution: Upgrade to >=0.6.2 = rand_core v0.6.1 └── rand_mt v4.0.0 ```
https://rustsec.org/advisories/RUSTSEC-2021-0023 ``` error[A001]: Incorrect check on buffer length when seeding RNGs ┌─ /home/lopopolo/dev/artichoke/rand_mt/Cargo.lock:13:1 │ 13 │ rand_core 0.6.1 registry+https://github.com/rust-lang/crates.io-index │ --------------------------------------------------------------------- security vulnerability detected │ = ID: RUSTSEC-2021-0023 = Advisory: https://rustsec.org/advisories/RUSTSEC-2021-0023 = Summary: rand_core::le::read_u32_into and read_u64_into have incorrect checks on the source buffer length, allowing the destination buffer to be under-filled. Implications: some downstream RNGs, including Hc128Rng (but not the more widely used ChaCha*Rng), allow seeding using the SeedableRng::from_seed trait-function with too short keys. = Announcement: rust-random/rand#1096 = Solution: Upgrade to >=0.6.2 = rand_core v0.6.1 └── rand_mt v4.0.0 ```
|
Hi. This was recently filed as a release critical bug in Debian. Debian testing/unstable has version 0.5.1 of rand_core and Debian stable has version 0.3.0 of rand_core. Wolfgang Silbermayr has looked at the code for 0.5.1 and I have looked at the code for both 0.3.0 and 0.5.1 (which appears to be identical). We have concluded that this is a 0.6.x specific issue but would like confirmation from those familiar with the code base. |
|
@plugwash that is correct (it is in the advisory notice). |
|
@dhardy Somehow this does not show on the rustsec.org website. |
Unless I'm mistaken the size multiplier was on the wrong side, making the assertions too permissive. This could have resulted in destination buffers not being fully populated.