From 61015dbc6c1050a21454eb891c38ee5408c4a154 Mon Sep 17 00:00:00 2001
From: Leah Rowe
Date: Mon, 9 Mar 2026 17:00:58 +0000
Subject: util/nvmutil: much safer rhex() n could be zero under weird regression cases
Signed-off-by: Leah Rowe
---
 util/nvmutil/nvmutil.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
(limited to 'util/nvmutil/nvmutil.c')
diff --git a/util/nvmutil/nvmutil.c b/util/nvmutil/nvmutil.c
index e16b227c..c069cc6e 100644
--- a/util/nvmutil/nvmutil.c
+++ b/util/nvmutil/nvmutil.c
@@ -930,8 +930,9 @@ rhex(void)
 {
 static size_t n = 0;
 static uint8_t rnum[12];
+ int max_retries;
 
- if (!n) {
+ for (max_retries = 0; max_retries < 50 && !n; max_retries++) {
 n = sizeof(rnum);
 #ifdef NVMUTIL_ARC4RANDOM_BUF
 arc4random_buf(rnum, n);
@@ -941,6 +942,9 @@ rhex(void)
 #endif
 }
 
+ if (!n)
+ err(ECANCELED, "Randomisation failure");
+
 return (uint16_t)(rnum[--n] & 0xf);
 }
 
-- cgit v1.2.1
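Review bot: The retry loop cannot actually retry on the lines shown, because `n = sizeof(rnum);` is assigned at the top of the body before the buffer is filled, so `!n` is already false after the first pass on the `arc4random_buf` path and the bound of 50 is never reached. The loop only has an effect if the `#else` branch, which lies outside this hunk, sets `n` back to zero when its read fails. If that is the intent, a comment above the loop such as `/* the non-arc4random path zeroes n on a failed read; retry a bounded number of times */` would record it. More robustly, assigning `n` only after the fill has succeeded would make a non-zero `n` mean that `rnum` really holds fresh bytes, rather than only that the assignment ran.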
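Review bot: The new `if (!n)` check before the return has no comment saying what it protects, and the reason is not obvious from the condition alone. `n` is a `size_t`, so `rnum[--n]` with `n == 0` would wrap the index and read far outside the 12-byte static buffer. A line such as `/* n == 0 would wrap --n and index outside rnum */` above the check would keep a later cleanup from removing it as dead code. The definition of `err()` is outside this hunk, so it is worth confirming that its first argument is meant to carry an errno value like `ECANCELED` rather than a process exit status.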