Bug#775005: [macchanger] MAC randomization doesn't generate a random MAC

2015-01-16 Thread Ben Hutchings 
I don't know how it is possible for /dev/hwrng to be present but
unreadable.  Loading rng-core on a system without a hardware random
driver doesn't do it.  However, it is possible to reproduce this poor
randomisation after running 'ln -s null /dev/hwrng'.

I've uploaded a fix for this and am attaching the NMU diff.

Ben.

-- 
Ben Hutchings
Lowery's Law:
 If it jams, force it. If it breaks, it needed replacing anyway.
diff -Nru macchanger-1.7.0/debian/changelog macchanger-1.7.0/debian/changelog
--- macchanger-1.7.0/debian/changelog	2014-12-18 11:51:19.0 +
+++ macchanger-1.7.0/debian/changelog	2015-01-16 23:22:14.0 +
@@ -1,3 +1,10 @@
+macchanger (1.7.0-5.1) unstable; urgency=medium
+
+  * Non-maintainer upload
+  * Check for random device read errors (Closes: #775005)
+
+ -- Ben Hutchings b...@decadent.org.uk  Fri, 16 Jan 2015 23:22:13 +
+
 macchanger (1.7.0-5) unstable; urgency=low
 
   * fix maintainer-script-without-set-e config
diff -Nru macchanger-1.7.0/debian/patches/check-random-device-read-errors.patch macchanger-1.7.0/debian/patches/check-random-device-read-errors.patch
--- macchanger-1.7.0/debian/patches/check-random-device-read-errors.patch	1970-01-01 01:00:00.0 +0100
+++ macchanger-1.7.0/debian/patches/check-random-device-read-errors.patch	2015-01-16 23:03:34.0 +
@@ -0,0 +1,47 @@
+Description: Check for random device read errors
+ In some cases it is possible to open /dev/hwrng but not to read from it.
+ We need to check for errors and move on to the next possible random device
+ in this case.
+Author: Ben Hutchings b...@decadent.org.uk
+Bug-Debian: https://bugs.debian.org/775005
+
+---
+--- a/src/main.c
 b/src/main.c
+@@ -91,17 +91,29 @@ print_mac (const char *s, const mac_t *m
+ static void
+ random_seed (void)
+ {
++	static const char *const dev_names[] = {
++		/dev/hwrng,
++		/dev/random,
++		/dev/urandom,
++		NULL,
++	};
+ 	intfd;
+ 	struct timeval tv;
+ 	unsigned int   seed;
++	const char *const *name;
++	ssize_tread_len = 0;
+ 
+-	if ((fd = open(/dev/hwrng, O_RDONLY)) = 0 ||
+-	(fd = open(/dev/random, O_RDONLY)) = 0 ||
+-	(fd = open(/dev/urandom, O_RDONLY)) = 0)
+-	{
+-		read (fd, seed, sizeof(seed));
+-		close (fd);
+-	} else {
++	for (name = dev_names; *name; name++) {
++		fd = open(*name, O_RDONLY);
++		if (fd = 0) {
++			read_len = read (fd, seed, sizeof(seed));
++			close (fd);
++			if (read_len == sizeof(seed))
++break;
++		}
++	}
++
++	if (read_len != sizeof(seed)) {
+ 		gettimeofday (tv, NULL);
+ 		seed = (getpid()  16) ^ tv.tv_sec ^ tv.tv_usec;
+ 	}
diff -Nru macchanger-1.7.0/debian/patches/series macchanger-1.7.0/debian/patches/series
--- macchanger-1.7.0/debian/patches/series	2014-03-18 14:59:20.0 +
+++ macchanger-1.7.0/debian/patches/series	2015-01-16 22:51:05.0 +
@@ -1,3 +1,4 @@
 02-fix_usage_message.patch
 06-update_OUI_list.patch
 08-fix_random_MAC_choice.patch
+check-random-device-read-errors.patch


signature.asc
Description: This is a digitally signed message part

Bug#775005: [macchanger] MAC randomization doesn't generate a random MAC

2015-01-09 Thread Maximilian Engelhardt 
Package: macchanger
Version: 1.7.0-3.2
Severity: grave

Trying to randomize the MAC address of an interface toggles between two MAC 
addresses instead of setting a random MAC address. See the following example:

$ macchanger -A wlan8
Current MAC:   00:05:01:98:56:c3 (CISCO SYSTEMS, INC.)
Permanent MAC: 24:fd:52:XX:XX:XX (Liteon Technology Corporation)
New MAC:   00:05:01:98:26:05 (CISCO SYSTEMS, INC.)
$ macchanger -A wlan8
Current MAC:   00:05:01:98:26:05 (CISCO SYSTEMS, INC.)
Permanent MAC: 24:fd:52:XX:XX:XX (Liteon Technology Corporation)
New MAC:   00:05:01:98:56:c3 (CISCO SYSTEMS, INC.)
$ macchanger -A wlan8
Current MAC:   00:05:01:98:56:c3 (CISCO SYSTEMS, INC.)
Permanent MAC: 24:fd:52:XX:XX:XX (Liteon Technology Corporation)
New MAC:   00:05:01:98:26:05 (CISCO SYSTEMS, INC.)
$ macchanger -A wlan8
Current MAC:   00:05:01:98:26:05 (CISCO SYSTEMS, INC.)
Permanent MAC: 24:fd:52:XX:XX:XX (Liteon Technology Corporation)
New MAC:   00:05:01:98:56:c3 (CISCO SYSTEMS, INC.)


The problem here seems to be in the random_seed function where macchanger 
tries to open different devices for random numbers and takes the first one 
where open() is successful but never checks if the following read() is 
successful.

http://sources.debian.net/src/macchanger/1.7.0-5/src/main.c/#L92

also see this strace snippet:

open(/dev/hwrng, O_RDONLY)= 3
read(3, 0x7fffe23909ec, 4)  = -1 ENODEV (No such device)
close(3)= 0


I don't know why I do have this non-working /dev/hwrng device. It gets somehow 
automatically created by loading the b43 kernel module.

Macchanger should check if the read() was successful and if not try the next 
entropy device or at least abort with an error instead pretending to set a 
random MAC address which clearly is not random.


Another problem I spotted is that if reading from an entropy device does work 
only sizeof(unsigned int) entropy is read, which is only guaranteed to be 2 
octets. However from these are then up to 6 octets of random data generated 
(in case of a fully random MAC) which clearly does not work as expected.


--- System information. ---
Architecture: amd64
Kernel:   Linux 3.18.0-trunk-amd64

Debian Release: 8.0
  500 testing security.debian.org 
  500 testing mirror.stusta.mhn.de 
  500 testing http.debian.net 

--- Package information. ---
Depends (Version) | Installed
=-+-=
libc6(= 2.4) | 
dpkg (= 1.15.4)  | 
 OR install-info  | 


Package's Recommends field is empty.

Package's Suggests field is empty.

signature.asc
Description: This is a digitally signed message part.