From e1e60601ffeb8ef68c82bc349ab16a9633715da5 Mon Sep 17 00:00:00 2001 From: =?utf8?q?David=20H=C3=A4rdeman?= Date: Mon, 20 Oct 2025 22:57:52 +0200 Subject: [PATCH] odhcpd: improve odhcpd_urandom() MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit First, note that not a single caller checks the return value - which is quite reasonable. What are they supposed to do with a failure? Second, none of the callers do anything that's *really* security-sensitive, the closest we have is the force reconf nonce, and that is blorted out over the network, so it's really a best-effort kind of thing. Third, odhcpd_urandom() currently doesn't check if it e.g. got interrupted by a signal. So, simplify and modernize this a bit by using getrandom(), which allows us to skip one fd, and which avoids syscalls by using the vDSO approach instead. Also, check for things like signal interrupts (don't really happen on calls for entropy < 256 bytes, but still). And make a reasonable effort, but not much more. Signed-off-by: David Härdeman Link: https://github.com/openwrt/odhcpd/pull/285 Signed-off-by: Álvaro Fernández Rojas --- src/odhcpd.c | 34 ++++++++++++++++++++++++++-------- src/odhcpd.h | 2 +- 2 files changed, 27 insertions(+), 9 deletions(-) diff --git a/src/odhcpd.c b/src/odhcpd.c index ef67acc..0f314bf 100644 --- a/src/odhcpd.c +++ b/src/odhcpd.c @@ -39,12 +39,12 @@ #include #include #include +#include #include #include "odhcpd.h" static int ioctl_sock = -1; -static int urandom_fd = -1; void __iflog(int lvl, const char *fmt, ...) { @@ -148,13 +148,9 @@ int main(int argc, char **argv) } ioctl_sock = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0); - if (ioctl_sock < 0) return 4; - if ((urandom_fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC)) < 0) - return 4; - signal(SIGUSR1, SIG_IGN); signal(SIGINT, sighandler); signal(SIGTERM, sighandler); 
@@ -542,11 +538,33 @@ void odhcpd_process(struct odhcpd_event *event) odhcpd_receive_packets(&event->uloop, 0); } -int odhcpd_urandom(void *data, size_t len) +void odhcpd_urandom(void *data, size_t len) { - return read(urandom_fd, data, len); -} + static bool warned_once = false; + while (true) { + ssize_t r; + + if (len == 0) + return; + + r = getrandom(data, len, GRND_INSECURE); + if (r < 0) { + if (errno == EINTR) + continue; + + if (!warned_once) { + error("getrandom(): %m"); + warned_once = true; + } + + return; + } + + len -= r; + data = (uint8_t *)data + r; + } +} time_t odhcpd_time(void) { diff --git a/src/odhcpd.h b/src/odhcpd.h index ae0e6f5..02babc5 100644 --- a/src/odhcpd.h +++ b/src/odhcpd.h @@ -514,7 +514,7 @@ int odhcpd_get_interface_config(const char *ifname, const char *what); int odhcpd_get_mac(const struct interface *iface, uint8_t mac[6]); int odhcpd_get_flags(const struct interface *iface); struct interface* odhcpd_get_interface_by_index(int ifindex); -int odhcpd_urandom(void *data, size_t len); +void odhcpd_urandom(void *data, size_t len); void odhcpd_run(void); time_t odhcpd_time(void); -- 2.30.2
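Review bot: In the error branch of odhcpd_urandom() (`r < 0` with errno other than EINTR) the function returns with the remaining `len` bytes of `data` never written, and with the return type now `void` no caller can detect that. Whatever the caller's buffer held before, possibly uninitialised stack, would then be used as the nonce or identifier; the callers are outside this hunk, so that part is inferred from the commit message. I would add `memset(data, 0, len);` just before that `return;` so a failure yields a fixed value rather than stale memory (assuming `<string.h>` is already included in odhcpd.c). A kernel that does not know GRND_INSECURE (the flag was added in Linux 5.6) fails every call with EINVAL, and after the first log line `warned_once` keeps that silent, so this path is not purely theoretical on older kernels.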
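Review bot: The declaration `void odhcpd_urandom(void *data, size_t len);` in odhcpd.h has no comment telling callers what quality of randomness they get, and this change makes that matter more than before. The implementation in odhcpd.c passes GRND_INSECURE, which returns bytes even before the kernel CRNG has been seeded, as can happen early in boot on a router with few entropy sources. I would put a comment above the declaration such as `/* Best-effort random bytes (GRND_INSECURE): may be predictable early in boot and does not report failure. Do not use for keys or other secrets. */`, so that a future caller with a real secrecy requirement does not reach for this helper.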