mirror of
https://github.com/uutils/shadow.git
synced 2026-06-10 16:14:57 -07:00
shadow-core: use getrandom from rustix (#165)
to replace unsafe libc::getrandom Co-authored-by: oech3 <>
This commit is contained in:
+1
-1
@@ -59,7 +59,7 @@ uucore = "0.8"
|
||||
thiserror = "2"
|
||||
|
||||
# Unix/Linux
|
||||
rustix = { version = "1", features = ["process", "fs", "termios", "param"] }
|
||||
rustix = { version = "1", features = ["fs", "param", "process", "rand", "termios"] }
|
||||
libc = "0.2"
|
||||
|
||||
# Security
|
||||
|
||||
@@ -51,13 +51,9 @@ impl CryptMethod {
|
||||
/// Generate a random salt string for crypt(3).
|
||||
fn generate_salt(method: CryptMethod, rounds: Option<u32>) -> Result<String, ShadowError> {
|
||||
let mut rand_bytes = [0u8; 16];
|
||||
|
||||
// Use getrandom(2) syscall — works in chroot environments without /dev/urandom.
|
||||
// SAFETY: getrandom(2) writes into a valid buffer and returns bytes written or -1.
|
||||
let ret = unsafe { libc::getrandom(rand_bytes.as_mut_ptr().cast(), rand_bytes.len(), 0) };
|
||||
if ret < 0 || ret.cast_unsigned() < rand_bytes.len() {
|
||||
return Err(ShadowError::Other("getrandom(2) failed".into()));
|
||||
}
|
||||
rustix::rand::getrandom(&mut rand_bytes, rustix::rand::GetRandomFlags::empty())
|
||||
.map_err(|_| ShadowError::Other("getrandom(2) failed".into()))?;
|
||||
|
||||
let salt_str: String = rand_bytes
|
||||
.iter()
|
||||
|
||||
Reference in New Issue
Block a user