netbsd: fix potential panic (#519)

newpavlov · web-flow · commit ce35c6704bff · 2024-10-16T05:33:54.000+03:00
The code was assuming that syscall returns either -1 or provided length.
Fix code to account for potential bad return results.
diff --git a/.github/workflows/nopanic.yaml b/.github/workflows/nopanic.yaml
@@ -74,6 +74,7 @@ jobs:
           toolchain: stable
           components: rust-src
           targets: aarch64-unknown-linux-gnu,x86_64-unknown-netbsd,x86_64-unknown-freebsd,x86_64-pc-solaris
+      # TODO: use pre-compiled cross after a new (post-0.2.5) release
       - name: Install cross
         run: cargo install cross --git https://github.com/cross-rs/cross
 
@@ -89,10 +90,10 @@ jobs:
       - name: Check (getrandom.rs)
         run: ret=$(grep panic target/x86_64-unknown-freebsd/release/libgetrandom_wrapper.so; echo $?); [ $ret -eq 1 ]
 
-      # - name: Build (netbsd.rs)
-      #   run: cross build --release --target=x86_64-unknown-netbsd
-      # - name: Check (netbsd.rs)
-      #   run: ret=$(grep panic target/x86_64-unknown-netbsd/release/libgetrandom_wrapper.so; echo $?); [ $ret -eq 1 ]
+      - name: Build (netbsd.rs)
+        run: cross build --release --target=x86_64-unknown-netbsd
+      - name: Check (netbsd.rs)
+        run: ret=$(grep panic target/x86_64-unknown-netbsd/release/libgetrandom_wrapper.so; echo $?); [ $ret -eq 1 ]
 
       # - name: Build (solaris.rs)
       #   run: cross build --release --target=x86_64-pc-solaris
diff --git a/src/netbsd.rs b/src/netbsd.rs
@@ -25,12 +25,17 @@ unsafe extern "C" fn polyfill_using_kern_arand(
     // NetBSD will only return up to 256 bytes at a time, and
     // older NetBSD kernels will fail on longer buffers.
     let mut len = cmp::min(buflen, 256);
+    let expected_ret = libc::c_int::try_from(len).expect("len is bounded by 256");
 
     let ret = unsafe { libc::sysctl(MIB.as_ptr(), MIB_LEN, buf, &mut len, ptr::null(), 0) };
-    if ret == -1 {
+
+    if ret == expected_ret {
+        libc::ssize_t::try_from(ret).expect("len is bounded by 256")
+    } else if ret == -1 {
         -1
     } else {
-        libc::ssize_t::try_from(len).expect("len is bounded by 256")
+        // Zero return result will be converted into `Error::UNEXPECTED` by `sys_fill_exact`
+        0
     }
 }
 
