cppcms icon indicating copy to clipboard operation
cppcms copied to clipboard
verified publisher icon artyom-beilis

Failed to read /dev/urandom

Open parihaaraka opened this issue 7 years ago • 7 comments

Debian 3.16.39-1+deb8u2 (2017-03-07) x86_64 GNU/Linux

cppcms, http_context.cpp, row 336
*** E [2018-07-18 09:25:26.570] Caught exception [Failed to read /dev/urandom]
0x7f42a85f0c41: booster::runtime_error::runtime_error(std::string const&) + 0x61 in /usr/local/lib/libcppcms.so.1
0x7f42a868bad4: cppcms::urandom_device::generate(void*, unsigned int) + 0xa4 in /usr/local/lib/libcppcms.so.1
...

What could be the problem? It looks like the problem is not exactly related to cppcms..

parihaaraka avatar Jul 18 '18 06:07 parihaaraka

I was googling around and found what I believe it to be possibly related to this debian issue.

The line throwing the error is around src/urandom.cpp:114 where it checks the number of bytes actually read to the number of bytes intended to read. I don't know if len is larger than 33554431 though.

You included the last two lines in the traceback, although I'm curious in what part of using cppcms did you run into this error

mgavin avatar Jul 18 '18 14:07 mgavin

I read 3 bytes (sometimes very frequently) within short object constructor:

cppcms::urandom_device rd;
rd.generate(reinterpret_cast<unsigned char*>(&simple_id), 3);

That's all. I've replaced this part of code with C++11 related one (mt19937 + uniform_int_distribution), but it would be nice to understand the reason of initial trouble.

parihaaraka avatar Jul 18 '18 14:07 parihaaraka

Please record strace output of the failure so I can see what is the exact error I get.

artyom-beilis avatar Jul 18 '18 15:07 artyom-beilis

If you can't reproduce one.

Change these lines in src/urandom.cpp

   if(n!=int(len))
        throw cppcms_error("Failed to read /dev/urandom");

to

   if(n!=int(len)) {
        printf("%d != %d, err=%s",n,int(len),strerror(errno));
        throw cppcms_error("Failed to read /dev/urandom");
   }

And show me what it prints

artyom-beilis avatar Jul 18 '18 15:07 artyom-beilis

It happened twice after months of uptime on production system. First time I desided not to investigate, updated cppcms and forgot about it. Next time I had to change this code. I'am not sure when and how to achieve this behaviour and I can't use production environment to wait for it. Sorry.

parihaaraka avatar Jul 18 '18 15:07 parihaaraka

I see. If so I have one more question.

Do you need cryptographically safe random numbers? If so I still recommend using urandom over standard predictable random generator.

I have another question. Do you use CppCMS deamonization feature?

I commited a changeset that I hope going to solve the issue. Need to get feedback

artyom-beilis avatar Jul 18 '18 17:07 artyom-beilis

  1. No, I do not. That was not the best choice - just the short way.
  2. No. Daemonization feature didn't work for me as expected.

parihaaraka avatar Jul 18 '18 17:07 parihaaraka