Bugzilla – Attachment 760 Details for
Bug 968
OpenSSH 3.8p1 PRNG seed extraction failed error
[patch]
Use temporary file for prng_seed
rand-mkstemp.diff (text/plain), 2.18 KB, created by
Damien Miller
on 2005-01-08 09:39:32 AEDT
Description:
Use temporary file for prng_seed
Filename:
MIME Type:
Creator:
Damien Miller
Created:
2005-01-08 09:39:32 AEDT
Size:
2.18 KB
>Index: ssh-rand-helper.c
>===================================================================
>RCS file: /var/cvs/openssh/ssh-rand-helper.c,v
>retrieving revision 1.20
>diff -u -r1.20 ssh-rand-helper.c
>--- ssh-rand-helper.c 20 Dec 2004 01:05:08 -0000 1.20
>+++ ssh-rand-helper.c 7 Jan 2005 22:34:10 -0000
>@@ -550,10 +550,11 @@
> void
> prng_write_seedfile(void)
> {
>- int fd;
>+ int fd, save_errno;
> unsigned char seed[SEED_FILE_SIZE];
>- char filename[MAXPATHLEN];
>+ char filename[MAXPATHLEN], tmpseed[MAXPATHLEN];
> struct passwd *pw;
>+ mode_t old_umask;
>
> pw = getpwuid(getuid());
> if (pw == NULL)
>@@ -568,7 +569,10 @@
> snprintf(filename, sizeof(filename), "%.512s/%s", pw->pw_dir,
> SSH_PRNG_SEED_FILE);
>
>- debug("writing PRNG seed to file %.100s", filename);
>+ strlcpy(tmpseed, filename, sizeof(tmpseed));
>+ if (strlcat(tmpseed, ".XXXXXXXXXX", sizeof(tmpseed)) >=
>+ sizeof(tmpseed))
>+ fatal("PRNG seed filename too long");
>
> if (RAND_bytes(seed, sizeof(seed)) <= 0)
> fatal("PRNG seed extraction failed");
>@@ -576,15 +580,31 @@
> /* Don't care if the seed doesn't exist */
> prng_check_seedfile(filename);
>
>- if ((fd = open(filename, O_WRONLY|O_TRUNC|O_CREAT, 0600)) == -1) {
>- debug("WARNING: couldn't access PRNG seedfile %.100s "
>- "(%.100s)", filename, strerror(errno));
>+ old_umask = umask(0177);
>+
>+ if ((fd = mkstemp(tmpseed)) == -1) {
>+ debug("WARNING: couldn't make temporary PRNG seedfile %.100s "
>+ "(%.100s)", tmpseed, strerror(errno));
> } else {
>- if (atomicio(vwrite, fd, &seed, sizeof(seed)) < sizeof(seed))
>+ debug("writing PRNG seed to file %.100s", tmpseed);
>+ if (atomicio(vwrite, fd, &seed, sizeof(seed)) < sizeof(seed)) {
>+ save_errno = errno;
>+ close(fd);
>+ unlink(tmpseed);
> fatal("problem writing PRNG seedfile %.100s "
>- "(%.100s)", filename, strerror(errno));
>+ "(%.100s)", filename, strerror(save_errno));
>+ }
> close(fd);
>+ debug("moving temporary PRNG seed to file %.100s", filename);
>+ if (rename(tmpseed, filename) == -1) {
>+ save_errno = errno;
>+ unlink(tmpseed);
>+ fatal("problem renaming PRNG seedfile from %.100s "
>+ "to %.100s (%.100s)", tmpseed, filename,
>+ strerror(save_errno));
>+ }
> }
>+ umask(old_umask);
> }
>
> void
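Review bot: The bare `close(fd);` ahead of the rename discards the last point at which a deferred write error can surface (NFS and quota-limited home directories often report it only at close), so an incomplete temporary file could be renamed over a good seed file. A failing close() should be handled like the short-write branch just above it: save errno, unlink `tmpseed` and call fatal(). The write-failure message also prints `filename` although the data was being written to `tmpseed`, which points whoever reads the log at the wrong file; passing `tmpseed` there would match the new debug line. prng_write_seedfile() begins before this hunk, so its declarations and path construction are not visible here.

```c
	/* … unchanged: atomicio() write with unlink-on-failure … */
	if (close(fd) == -1) {
		save_errno = errno;
		unlink(tmpseed);
		fatal("problem writing PRNG seedfile %.100s "
		    "(%.100s)", tmpseed, strerror(save_errno));
	}
	debug("moving temporary PRNG seed to file %.100s", filename);
```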
Flags:
dtucker
:
ok+