From: Andrei Tatar
Date: Tue, 29 Apr 2025 15:57:40 +0000 (+0200)
Subject: lib/ukrandom: Validate getrandom input & rm assert
X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=e6ac4dfe62e1e61dd0d6d8d78418f7728f9dfa9c;p=unikraft%2Funikraft.git

lib/ukrandom: Validate getrandom input & rm assert

This change removes the assert on the buffer argument to the getrandom syscall and replaces it with defined input validation, based on observed behavior in Linux:
- if the requested number of bytes is 0, getrandom shortcuts to success
- if buffer is NULL and > 0 bytes requested, return -EFAULT instead of crashing

Signed-off-by: Andrei Tatar
Approved-by: Michalis Pappas
Reviewed-by: Michalis Pappas
GitHub-Closes: #1637
---
diff --git a/lib/ukrandom/getrandom.c b/lib/ukrandom/getrandom.c index 274b3244c..6cb7da903 100644 --- a/lib/ukrandom/getrandom.c +++ b/lib/ukrandom/getrandom.c @@ -42,7 +42,15 @@ UK_SYSCALL_R_DEFINE(ssize_t, getrandom, { int rc; - UK_ASSERT(buf); + /* Observed behavior is that for a 0-length buffer, the value in buf is + * never checked and the syscall shortcuts to success. + * Documentation does not specifically state this, but userspace apps + * have been seen to rely on getrandom(NULL, 0, ...) returning success. + */ + if (unlikely(!buflen)) + return 0; + if (unlikely(!buf)) + return -EFAULT; rc = uk_random_fill_buffer(buf, buflen); if (unlikely(rc))
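Review bot: the order of the two new checks in this hunk is load-bearing and deserves a sentence in the comment block: `if (unlikely(!buflen)) return 0;` must stay ahead of `if (unlikely(!buf)) return -EFAULT;`, otherwise `getrandom(NULL, 0, ...)` would fail with -EFAULT, which is exactly the userspace pattern the comment says this change exists to support. A small regression test pinning both cases (NULL buffer with 0 bytes returns 0; NULL buffer with more than 0 bytes returns -EFAULT) would keep a later refactor from silently swapping them. Also worth stating in the comment that the -EFAULT path only catches a literal NULL pointer: any other invalid `buf` value still reaches `uk_random_fill_buffer(buf, buflen)` unchecked, so readers should not take the new return code as general pointer validation.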