This change removes the assert on the buffer argument to the getrandom
syscall and replaces it with defined input validation, based on observed
behavior in Linux:
- if the requested number of bytes is 0, getrandom shortcuts to success
- if buffer is NULL and > 0 bytes requested, return -EFAULT instead of
crashing
Signed-off-by: Andrei Tatar <andrei@unikraft.io>
Approved-by: Michalis Pappas <michalis@unikraft.io>
Reviewed-by: Michalis Pappas <michalis@unikraft.io>
GitHub-Closes: #1637
{
int rc;
- UK_ASSERT(buf);
+ /* Observed behavior is that for a 0-length buffer, the value in buf is
+ * never checked and the syscall shortcuts to success.
+ * Documentation does not specifically state this, but userspace apps
+ * have been seen to rely on getrandom(NULL, 0, ...) returning success.
+ */
+ if (unlikely(!buflen))
+ return 0;
+ if (unlikely(!buf))
+ return -EFAULT;
rc = uk_random_fill_buffer(buf, buflen);
if (unlikely(rc))
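Review bot: the new `if (unlikely(!buf)) return -EFAULT;` check only catches a literal NULL pointer, so the "return -EFAULT instead of crashing" claim in the message holds for NULL but not for any other invalid userspace address; if `uk_random_fill_buffer()` or the syscall shim does no further user-pointer validation, the commit message and the in-code comment should say that explicitly rather than suggesting generic EFAULT semantics. Also, the comment's "Observed behavior ... Documentation does not specifically state this" would be easier for a later reader to verify if it named where the behavior was observed (the Linux source path or version, or the test that exercised `getrandom(NULL, 0, ...)`), since the ordering of the two checks (length first, then pointer) is the whole point of the change and depends on that observation.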