netbsd: fix fallback and test it using configuration flag (#555)

Fixes bug in the NetBSD fallback code based on `KERN_ARND`. `sysctl`
returns either 0 or -1, while the code assumed that on success it
returns number of bytes filled.

Adds the `getrandom_test_netbsd_fallback` configuration flag, which
forces the NetBSD backend to use the `KERN_ARND` fallback, and tweaks CI
to use the flag.

Author: newpavlov

.github/workflows/tests.yml

@@ -208,7 +208,9 @@ jobs:
           usesh: true
           prepare: |
             /usr/sbin/pkg_add rust
-          run: cargo test
+          run: |
+            cargo test
+            RUSTFLAGS="--cfg getrandom_test_netbsd_fallback -D warnings" cargo test
 
   # This job currently fails:
   # https://github.com/rust-random/getrandom/actions/runs/11405005618/job/31735653874?pr=528

CHANGELOG.md

@@ -38,6 +38,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Memory sanitizer support gated behind `getrandom_sanitize` configuration flag [#521]
 - `u32` and `u64` functions for generating random values of the respective type [#544]
 
+### Fixed
+- NetBSD fallback code based on `KERN_ARND` [#555]
+
 [#415]: https://github.com/rust-random/getrandom/pull/415
 [#440]: https://github.com/rust-random/getrandom/pull/440
 [#442]: https://github.com/rust-random/getrandom/pull/442
@@ -54,6 +57,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 [#542]: https://github.com/rust-random/getrandom/pull/542
 [#544]: https://github.com/rust-random/getrandom/pull/544
 [#554]: https://github.com/rust-random/getrandom/pull/554
+[#555]: https://github.com/rust-random/getrandom/pull/555
 
 ## [0.2.15] - 2024-05-06
 ### Added

Cargo.toml

@@ -83,6 +83,7 @@ check-cfg = [
   'cfg(getrandom_sanitize)',
   'cfg(getrandom_browser_test)',
   'cfg(getrandom_test_linux_fallback)',
+  'cfg(getrandom_test_netbsd_fallback)',
 ]
 
 [package.metadata.docs.rs]

src/backends/netbsd.rs

@@ -30,17 +30,13 @@ unsafe extern "C" fn polyfill_using_kern_arand(
     // NetBSD will only return up to 256 bytes at a time, and
     // older NetBSD kernels will fail on longer buffers.
     let mut len = cmp::min(buflen, 256);
-    let expected_ret = libc::c_int::try_from(len).expect("len is bounded by 256");
-
     let ret = unsafe { libc::sysctl(MIB.as_ptr(), MIB_LEN, buf, &mut len, ptr::null(), 0) };
 
-    if ret == expected_ret {
-        libc::ssize_t::try_from(ret).expect("len is bounded by 256")
-    } else if ret == -1 {
-        -1
-    } else {
+    match ret {
+        0 if len <= 256 => libc::ssize_t::try_from(len).expect("len is in the range of 0..=256"),
+        -1 => -1,
         // Zero return result will be converted into `Error::UNEXPECTED` by `sys_fill_exact`
-        0
+        _ => 0,
     }
 }
 
@@ -53,7 +49,7 @@ fn init() -> *mut c_void {
     static NAME: &[u8] = b"getrandom\0";
     let name_ptr = NAME.as_ptr().cast::<libc::c_char>();
     let mut ptr = unsafe { libc::dlsym(libc::RTLD_DEFAULT, name_ptr) };
-    if ptr.is_null() {
+    if ptr.is_null() || cfg!(getrandom_test_netbsd_fallback) {
         // Verify `polyfill_using_kern_arand` has the right signature.
         const POLYFILL: GetRandomFn = polyfill_using_kern_arand;
         ptr = POLYFILL as *mut c_void;