[libvirt] [PATCH 1/2] util: Don't overflow in virRandomBits

[Michal Privoznik]

On 08/01/2018 04:50 PM, Eric Blake wrote:
> On 08/01/2018 07:16 AM, Daniel P. Berrangé wrote:
>> On Wed, Aug 01, 2018 at 01:44:32PM +0200, Michal Privoznik wrote:
>>> The function is supposed to return up to 64bit long integer. In
>>> order to do that it calls virRandomBytes() to fill the integer
>>> with random bytes and then masks out everything but requested
>>> bits. However, when doing that it shifts 1U and not 1ULL. So
>>> effectively, requesting 32 random bis or more always return 0
>>> which is not random enough.
>>>
>>> Signed-off-by: Michal Privoznik <mprivozn at redhat.com>
>>> ---
>>>   src/util/virrandom.c | 2 +-
>>>   1 file changed, 1 insertion(+), 1 deletion(-)
>>>
>>> diff --git a/src/util/virrandom.c b/src/util/virrandom.c
>>> index 01cc82a052..3c011a8615 100644
>>> --- a/src/util/virrandom.c
>>> +++ b/src/util/virrandom.c
>>> @@ -68,7 +68,7 @@ uint64_t virRandomBits(int nbits)
>>>           return 0;
>>>       }
>>>   -    ret &= (1U << nbits) - 1;
>>> +    ret &= (1ULL << nbits) - 1;
> 
> 1ULL << 64 is undefined in C. We need to write this as:
> 
> if (nbits < 64)
>     ret &= (1ULL << nbits) - 1;
> 
> 

Oops. okay. I'll post a patch for that since this is pushed already.

Michal