Bug 122967 - libica-1.3.4-urandom.patch is broken if /dev/urandom can't be opened
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: openssl
Version: rawhide
Hardware: All Linux
Priority: medium, Severity: medium
Assigned To: Phil Knirsch
QA Contact: Brian Brock
Keywords: Security
Reported: 2004-05-10 15:29 EDT by Timo Sirainen
Modified: 2015-03-04 20:13 EST
Doc Type: Bug Fix
Last Closed: 2004-12-23 09:11:41 EST
Description Timo Sirainen 2004-05-10 15:29:52 EDT
Description of problem:
+      if (!rfd) {
+          rfd = open("/dev/urandom", O_RDONLY);
+      }
+
+      /* If we have a valid fd for /dev/urandom then use it */
+      if (rfd) {
+         read(rfd, &retval, 1);
+         return retval;
+      }
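
Review bot: The two descriptor tests in this hunk, `if (!rfd)` and `if (rfd)`, compare against 0, but open() reports failure with -1, which is non-zero. After a failed open() the second test therefore passes, read() is called on an invalid descriptor, its return value is ignored, and `retval` is returned even though read() never wrote to it, so the caller receives a byte that did not come from /dev/urandom. The same tests also treat descriptor 0, a legal return value from open(), as "not opened". Suggest using -1 as the not-open sentinel (`if (rfd < 0)` before open(), `if (rfd >= 0)` before use) and returning `retval` only when `read(rfd, &retval, 1) == 1`. The declaration and initial value of `rfd` are outside the quoted lines, so the initializer has to match the sentinel.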

It should be if (rfd == -1), not if (rfd). Wouldn't be a bad idea to
check read()'s return value either..
Comment 1 Phil Knirsch 2004-12-23 09:11:41 EST
Made a modification to the patch to do better checks of the rfd and
the read() call:

+      static int rfd = -1;     /* File descriptor to /dev/urandom */
+      unsigned char retval;
+
+      if (rfd < 0) {
+          rfd = open("/dev/urandom", O_RDONLY);
+      }
+
+      /* If we have a valid fd for /dev/urandom then use it */
+      if (rfd >= 0 && read(rfd, &retval, 1) == 0) {
+         return retval;
+      }
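
Review bot: On the line `if (rfd >= 0 && read(rfd, &retval, 1) == 0) {` the comparison with 0 is inverted. read() returns the number of bytes read, so a successful one-byte read returns 1, while 0 means end of file and -1 means an error. As written, the branch is taken only when nothing was stored in `retval`, which is declared without an initializer and is then returned, and a successful read from /dev/urandom skips the `return` and falls through to whatever follows the hunk. Suggest `read(rfd, &retval, 1) == 1`, with a retry when read() fails with EINTR. The `rfd < 0` test before open() and the `static int rfd = -1` initializer look right.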


This way the open() will only be called if the rfd was -1 which is
either at the beginning or if the open() call failed.

Afterwards the read() call will only be done if the rfd >= 0 and the
return value will only be used if the read() call was successful,
otherwise the old method of the pseudo number generator will be used.

Fix is in latest devel openssl package.

Read ya, Phil
