Re: Entropy sources under WinXP



Sebastian G. wrote:
Ben Rudiak-Gould wrote:
Sebastian G. wrote:
You cannot directly read this value without risking a buffer overflow on
Windows versions before Windows Vista.

References?

The way the registry works. Since you can't acquire a lock and the value can
grow unlimitedly, using a large buffer isn't sufficient. Querying the
required buffer size and then reading it would require transactional semantics
over the set of these operations, which sadly is only available in Windows
Vista.

What does the interface for reading this value look like?

If it is:

/* Gets the size of a registry entry whose key is 'name'. */
size_t getsize(char *name);
/* Reads up to 'bufsize' bytes from the named reg. entry into 'buf'. */
int readentry(char *name, char *buf, size_t bufsize);

then I don't see the problem. One can always do something like:

/* Returns the registry value whose key is 'name'. */
char *getentry(char *name) {
    size_t bufsize;
    char *buf;
    int rv;

    while (1) {
        bufsize = getsize(name);
        buf = xmalloc(bufsize);
        rv = readentry(name, buf, bufsize);
        if (rv == SUCCESS)
            return buf;
        free(buf);
    }
}

That is not vulnerable to buffer overrun, even in the presence of a
race condition. You should be able to make something like this work
just fine for purposes of reading a random number seed.

On the other hand, if the interface is:

/* Gets the size of a registry entry whose key is 'name'. */
size_t getsize(char *name);
/* Copies the named reg. entry into 'buf'. */
int readentry(char *name, char *buf);

then your objections (TOCTTOU, buffer overrun) look plausible.
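
The retry loop from the first interface, run against a value that grows between the size query and the read, as an added example that is not part of the original post. The in-memory `store`, the `MORE_DATA` code and the `len` out-parameter are assumptions made for this simulation.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum { SUCCESS, MORE_DATA };

/* Constructed stand-in for the registry: one value that a concurrent
   writer grows between the reader's size query and its read. */
static char   store[64] = "seed";
static size_t store_len = 4;
static int    races_left = 2;  /* how many times the writer wins the race */
static int    attempts = 0;    /* reads issued so far */

static size_t getsize(const char *name) { (void)name; return store_len; }

/* Bounded read: never writes more than 'bufsize' bytes; if the value no
   longer fits it writes nothing and returns MORE_DATA. */
static int readentry(const char *name, char *buf, size_t bufsize) {
    (void)name;
    attempts++;
    if (races_left > 0) {      /* writer appends just before the copy */
        races_left--;
        memcpy(store + store_len, "-more", 5);
        store_len += 5;
    }
    if (store_len > bufsize)
        return MORE_DATA;
    memcpy(buf, store, store_len);
    return SUCCESS;
}

/* Retry loop: a lost race costs one more iteration, not an overrun. */
static char *getentry(const char *name, size_t *len) {
    for (;;) {
        size_t bufsize = getsize(name);
        char *buf = malloc(bufsize ? bufsize : 1);
        if (buf == NULL) return NULL;
        if (readentry(name, buf, bufsize) == SUCCESS) {
            *len = bufsize;    /* value only grows here, so it fills buf */
            return buf;
        }
        free(buf);
    }
}

int main(void) {
    size_t n = 0;
    char *v = getentry("seed", &n);
    printf("%zu bytes after %d reads\n", n, attempts);
    free(v);
    return 0;
}
```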