Bug 122967

Summary: libica-1.3.4-urandom.patch is broken if /dev/urandom can't be opened
Product: [Fedora] Fedora
Reporter: Timo Sirainen <tss>
Component: openssl
Assignee: Phil Knirsch <pknirsch>
Status: CLOSED RAWHIDE
QA Contact: Brian Brock <bbrock>
Severity: medium
Priority: medium
Version: rawhide
CC: laroche, nalin, rvokal
Keywords: Security
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2004-12-23 14:11:41 UTC

Description Timo Sirainen 2004-05-10 19:29:52 UTC
Description of problem:
+      if (!rfd) {
+          rfd = open("/dev/urandom", O_RDONLY);
+      }
+
+      /* If we have a valid fd for /dev/urandom then use it */
+      if (rfd) {
+         read(rfd, &retval, 1);
+         return retval;
+      }
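
Review bot: the second test, `if (rfd)`, accepts any nonzero value, and open() returns -1 on failure, so a failed open still reaches read() with an invalid descriptor and `return retval` hands back a byte that read() never wrote. The first test, `if (!rfd)`, has the matching problem: it opens only when rfd is 0, which is itself a valid descriptor number, and it never retries once a failed open has left rfd at -1. Suggest using -1 as the "not open" value, testing `rfd >= 0` before reading, and returning retval only when read() returns 1.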

It should be if (rfd == -1), not if (rfd). Wouldn't be a bad idea to
check read()'s return value either..

Comment 1 Phil Knirsch 2004-12-23 14:11:41 UTC
Made a modification to the patch to do better checks of the rfd and
the read() call:

+      static int rfd = -1;     /* File descriptor to /dev/urandom */
+      unsigned char retval;
+
+      if (rfd < 0) {
+          rfd = open("/dev/urandom", O_RDONLY);
+      }
+
+      /* If we have a valid fd for /dev/urandom then use it */
+      if (rfd >= 0 && read(rfd, &retval, 1) == 0) {
+         return retval;
+      }
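
Review bot: the comparison in `read(rfd, &retval, 1) == 0` on the last test is inverted. read() returns the number of bytes transferred, so a successful one-byte read returns 1, while 0 means end of file and -1 means an error. As written, retval (declared without an initializer) is returned only when nothing was read into it, and every successful read falls through to the code after the block. Suggest `read(rfd, &retval, 1) == 1`, and consider retrying when read() fails with EINTR.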


This way the open() will only be called if the rfd was -1 which is
either at the beginning or if the open() call failed.

Afterwards the read() call will only be done if the rfd >= 0 and the
return value will only be used if the read() call was successful,
otherwise the old method of the pseudo number generator will be used.

Fix is in the latest devel openssl package.

Read ya, Phil
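
The checks discussed in this bug, written out as an added example (not the libica or openssl code, and not from either commenter): open() is tested against -1, read() is tested against the byte count, and failure is reported to the caller so it can choose its own fallback. The names `read_random_bytes` and `random_byte` are hypothetical.

```c
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: fill buf with len bytes read from the device at path.
 * Returns 0 on success, -1 if the device cannot be opened or fully read. */
int read_random_bytes(const char *path, unsigned char *buf, size_t len)
{
    size_t got = 0;
    int fd = open(path, O_RDONLY);

    if (fd < 0)
        return -1;                /* open() signals failure with -1; 0 is a valid fd */

    while (got < len) {
        ssize_t n = read(fd, buf + got, len - got);
        if (n > 0)
            got += (size_t)n;     /* read() returns the number of bytes read */
        else if (n == 0)
            break;                /* end of file: nothing was written to buf */
        else if (errno != EINTR)
            break;                /* real error; EINTR alone is retried */
    }
    close(fd);
    return got == len ? 0 : -1;
}

/* Hypothetical wrapper: one byte from /dev/urandom as 0..255, or -1 on
 * failure, so an unwritten byte is never returned as if it were random. */
int random_byte(void)
{
    unsigned char b;

    if (read_random_bytes("/dev/urandom", &b, 1) != 0)
        return -1;
    return (int)b;
}
```

Reading from /dev/null exercises the end-of-file branch: read() returns 0 there, and the helper reports failure instead of success.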