Bug#636266: libc6: fread() reads more than specified number of bytes

[Jonathan Nieder <jrnieder@gmail.com>]

# complex
severity 636266 wishlist
retitle 636266 libc6: fread(buf, 1, 1) from urandom consumes 4096 bytes of entropy
tags 636266 + upstream
quit

Hi Philipp,

Ph. Marek wrote:

> fopen()/fread() is used by some software packages (I noticed it via ECL) to
> read data from /dev/urandom.
>
> But fread() reads more bytes than specified (rounded up to 4096!), thereby
> decreasing the available entropy by a large amount.

Not sure what libc can do about that.  Maybe the kernel could say,
"Please, do not buffer when reading this file" and libc could respect
that.  But fundamentally, buffering is what fread is all about, so as
a first step I would suggest reporting the bug to the authors of each
program you find this in (after all, the same symptoms show up on
other platforms, too).

In the C and POSIX standards, the behavior of fread is defined in
terms of fgetc.  To be reasonably fast and decrease the number of
system calls, traditionally fgetc attempts to fill a large buffer
when it calls read().  Should fread behave differently?  I would find
it strange for fread(1, 1) to use a different sequence of system calls
from fgetc.

Anyway, I agree that this is a problem somewhere.  Thanks for
reporting it.  Ideas welcome.

Regards,
Jonathan

Meanwhile Linux suffers for the lack of erandom and frandom for
typical uses of random numbers, though that's another story.