128285 – OpenSSL RAND code has unsafe use of select()

Bug 128285 - OpenSSL RAND code has unsafe use of select()

Summary: OpenSSL RAND code has unsafe use of select()

Keywords:
Status:	CLOSED RAWHIDE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	openssl
Sub Component:
Version:	rawhide
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Tomas Mraz
QA Contact:	Brian Brock
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2004-07-21 09:04 UTC by Joe Orton
Modified:	2007-11-30 22:10 UTC (History)
CC List:	1 user (show)
Fixed In Version:	openssl-0.9.7f-6
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2005-04-27 11:16:45 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Joe Orton 2004-07-21 09:04:37 UTC

Description of problem:
The OpenSSL RAND code uses select() to poll /dev/random and doesn't
check that fd numbers returned by open() are < FD_SETSIZE before
passing them to FD_SET.  This causes undefined behaviour i.e.
segfaults if fd numbers are pushed above 1024 when e.g. using
thousands of log files in a large-scale vhost config with Apache.

The code should at minimum have < FD_SETSIZE checks and ideally would
use poll() instead to remove the problem entirely.

(there are many such bugs in random Apache modules and libraries they
use, filing bugs on each of them as I find them)

Comment 1 Matthew Miller 2005-04-26 15:26:02 UTC

Fedora Core 2 is now maintained by the Fedora Legacy project for
security updates only. If this problem is a security issue, please
reopen and reassign to the Fedora Legacy product. If it is not a
security issue and hasn't been resolved in the current FC3 updates or
in the FC4 test release, reopen and change the version to match.

Comment 2 Tomas Mraz 2005-04-27 11:16:45 UTC

Replaced select by poll.

Note You need to log in before you can comment on or make changes to this bug.