Check whether /dev/urandom is character device

This checks whether `/dev/urandom` is a character based device, which is the expectation. This is considered good practice to prevent attacks where the device is being replaced, etc. References: [1]: https://github.com/jedisct1/libsodium/blob/c752eb55d9e9992bc38e7790128953427aa0a89f/src/libsodium/randombytes/sysrandom/randombytes_sysrandom.c#L164 [2]: https://twitter.com/CiPHPerCoder/status/733904477196029954
Yubico · Apr 5, 2018 · 5d4ef7b · 5d4ef7b
1 parent 2c7a00e
commit 5d4ef7b
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/util.c b/util.c
@@ -189,7 +189,7 @@ int generate_random(void *buf, int len)
 	int res;
 
 	u = fopen("/dev/urandom", "re");
-	if (!u) {
+	if (!u || !S_ISCHAR(u)) {
 		return -1;
 	}