Bug 122967
| Summary: | libica-1.3.4-urandom.patch is broken if /dev/urandom can't be opened | | |
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Timo Sirainen <tss> |
| Component: | openssl | Assignee: | Phil Knirsch <pknirsch> |
| Status: | CLOSED RAWHIDE | QA Contact: | Brian Brock <bbrock> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | | |
| Version: | rawhide | CC: | laroche, nalin, rvokal |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2004-12-23 14:11:41 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
Description
Timo Sirainen
2004-05-10 19:29:52 UTC
Made a modification to the patch to do better checks of the rfd and the read() call: + static int rfd = -1; /* File descriptor to /dev/urandom */ + unsigned char retval; + + if (rfd < 0) { + rfd = open("/dev/urandom", O_RDONLY); + } + + /* If we have a valid fd for /dev/urandom then use it */ + if (rfd >= 0 && read(rfd, &retval, 1) == 0) { + return retval; + } This way the open() will only be called if the rfd was -1 which is either at the beginning or if the open() call failed. Afterwards the read() call will only be done if the rfd >= 0 and the return value will only be used if the read() call was successful, otherwise the old method of the pseudo number generator will be used. Fix is in latest devel openssl package. Read ya, Phil
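
Review bot: in the second `if`, the test `read(rfd, &retval, 1) == 0` accepts the one outcome in which no byte was delivered. read() returns the number of bytes read, so 0 means nothing was stored in `retval` and the function returns an uninitialized value, while a successful one-byte read (return value 1) and an error (return value -1) both fall through to the old pseudo-random generator. The comparison should be `== 1`, which is the behaviour the accompanying text describes. Two smaller points on the same lines: the fallback to the old generator when open() or read() fails is silent, so the caller cannot tell which source produced the byte, and open() is retried on every call for as long as `rfd` stays negative.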