juniskane commented on pull request #2488: URL: https://github.com/apache/incubator-nuttx/pull/2488#issuecomment-739926875
I think there is a real problem with getrandom(), not caused by this PR but introduced by Issue 619 (https://github.com/apache/incubator-nuttx/issues/619).

There is a comment in the getrandom() function description: "Note that this function cannot fail, other than by asserting." But this is no longer true if nxsem_wait_uninterruptible() returns ECANCELLED because some other task called pthread_cancel() for the thread calling getrandom(). This is very bad, as the caller might consume the buffer before the next cancellation point.

I think the solution is to make this function a cancellation point? Any thoughts about this? I think non-standard functions can be cancellation points; nothing in POSIX is prohibiting that.

The **wrong** solution would be to change the getrandom() return value to int and force every caller to deal with this error. It is bad for security if every caller needs to deal with a cancelled or otherwise failing getrandom(). What to do when it fails? Default to some insecure mode like calling rand()? (NuttX is on purpose different than Linux in this regard.)
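The contract the comment defends, written out as an added example (not NuttX code and not from this PR): a void-returning fill routine that retries transient conditions internally and aborts on anything else, so no caller can ever consume an untouched buffer. It assumes a host with the glibc/Linux getrandom(2) call; `getrandom_nofail` and `count_sentinel` are names chosen here.

```c
#include <assert.h>
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/random.h>
#include <sys/types.h>

/* Fill buf with len bytes of CSPRNG output. Keeps the "cannot fail,
 * other than by asserting" contract: short reads, EINTR and EAGAIN are
 * retried here instead of being pushed to the caller, and any other
 * error aborts the process rather than returning a partial buffer.
 * Assumes the Linux/glibc getrandom(2) system call (added example). */
void getrandom_nofail(void *buf, size_t len)
{
    unsigned char *p = buf;
    while (len > 0) {
        ssize_t n = getrandom(p, len, 0);
        if (n < 0) {
            if (errno == EINTR || errno == EAGAIN)
                continue;           /* transient: retry, never return short */
            perror("getrandom");
            abort();                /* fail loudly, never silently */
        }
        p += n;
        len -= (size_t)n;
    }
}

/* Count bytes still equal to a sentinel value. A caller that pre-fills
 * its buffer with a sentinel can use this to detect the failure mode the
 * comment describes: a fill routine that returned before writing. */
size_t count_sentinel(const unsigned char *buf, size_t len, unsigned char s)
{
    size_t k = 0;
    for (size_t i = 0; i < len; i++)
        if (buf[i] == s)
            k++;
    return k;
}

int main(void)
{
    unsigned char key[32];
    memset(key, 0xAA, sizeof key);          /* constructed sentinel fill */
    getrandom_nofail(key, sizeof key);
    printf("sentinel bytes left: %zu of %zu\n",
           count_sentinel(key, sizeof key, 0xAA), sizeof key);
    return 0;
}
```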