Issue #10053 has been reported by cremno phobia.
----------------------------------------
Bug #10053: OpenSSL: incorrect return value check of EGD functions
https://bugs.ruby-lang.org/issues/10053
* Author: cremno phobia
* Status: Open
* Priority: Normal
* Assignee: openssl
* Category: ext/openssl
* Target version: current: 2.2.0
* ruby -v: all
* Backport: 2.0.0: UNKNOWN, 2.1: UNKNOWN
----------------------------------------
https://www.openssl.org/docs/crypto/RAND_egd.html#RETURN_VALUE
~~~diff
diff --git a/ext/openssl/ossl_rand.c b/ext/openssl/ossl_rand.c
index 270a4b7..a9188bc 100644
--- a/ext/openssl/ossl_rand.c
+++ b/ext/openssl/ossl_rand.c
@@ -135,7 +135,7 @@ ossl_rand_egd(VALUE self, VALUE filename)
{
SafeStringValue(filename);
- if(!RAND_egd(RSTRING_PTR(filename))) {
+ if (RAND_egd(RSTRING_PTR(filename)) == -1) {
ossl_raise(eRandomError, NULL);
}
return Qtrue;
@@ -153,7 +153,7 @@ ossl_rand_egd_bytes(VALUE self, VALUE filename, VALUE len)
SafeStringValue(filename);
- if (!RAND_egd_bytes(RSTRING_PTR(filename), n)) {
+ if (RAND_egd_bytes(RSTRING_PTR(filename), n) == -1) {
ossl_raise(eRandomError, NULL);
}
return Qtrue;
~~~
Maybe an error message (e.g. `"EGD connection failed or not enough data returned to fully seed the PRNG"`) should also be added.
--
https://bugs.ruby-lang.org/