diff options
| author | wtc%netscape.com <devnull@localhost> | 2002-01-27 00:14:59 +0000 |
|---|---|---|
| committer | wtc%netscape.com <devnull@localhost> | 2002-01-27 00:14:59 +0000 |
| commit | 6bd8d61674e908e71c7ba1f8a719b397f16c7377 (patch) | |
| tree | 596072a4433dc17ff282942254c8510150038028 | |
| parent | 4fdfd1d4c8fe84d67547bc6f57880bae8469429e (diff) | |
| download | nss-hg-6bd8d61674e908e71c7ba1f8a719b397f16c7377.tar.gz | |
Bugzilla bug 100447: on BSD/OS 4.2 and 4.3, we have problem calling
safe_popen in a threaded program. So we don't call safe_popen when
we obtained some entropy from /dev/urandom. Thanks to lidl@pix.net
for the bug report and the fix.
| -rw-r--r-- | security/nss/lib/freebl/unix_rand.c | 48 |
1 files changed, 32 insertions, 16 deletions
diff --git a/security/nss/lib/freebl/unix_rand.c b/security/nss/lib/freebl/unix_rand.c index 2c3ac5c75..23118523a 100644 --- a/security/nss/lib/freebl/unix_rand.c +++ b/security/nss/lib/freebl/unix_rand.c @@ -744,28 +744,17 @@ for the small amount of entropy it provides. static char ps_cmd[] = "ps -el"; #endif #endif /* DO_PS */ +#if defined(BSDI) + static char netstat_ni_cmd[] = "netstat -nis"; +#else static char netstat_ni_cmd[] = "netstat -ni"; +#endif GiveSystemInfo(); bytes = RNG_GetNoise(buf, sizeof(buf)); RNG_RandomUpdate(buf, bytes); -#ifdef DO_PS - fp = safe_popen(ps_cmd); - if (fp != NULL) { - while ((bytes = fread(buf, 1, sizeof(buf), fp)) > 0) - RNG_RandomUpdate(buf, bytes); - safe_pclose(fp); - } -#endif - fp = safe_popen(netstat_ni_cmd); - if (fp != NULL) { - while ((bytes = fread(buf, 1, sizeof(buf), fp)) > 0) - RNG_RandomUpdate(buf, bytes); - safe_pclose(fp); - } - /* * Pass the C environment and the addresses of the pointers to the * hash function. This makes the random number function depend on the @@ -786,7 +775,7 @@ for the small amount of entropy it provides. GiveSystemInfo(); /* grab some data from system's PRNG before any other files. */ - RNG_FileUpdate("/dev/urandom", 1024); + bytes = RNG_FileUpdate("/dev/urandom", 1024); /* If the user points us to a random file, pass it through the rng */ randfile = getenv("NSRANDFILE"); @@ -798,6 +787,33 @@ for the small amount of entropy it provides. for (cp = files; *cp; cp++) RNG_FileForRNG(*cp); +/* + * Bug 100447: On BSD/OS 4.2 and 4.3, we have problem calling safe_popen + * in a pthreads environment. Therefore, we call safe_popen last and on + * BSD/OS we do not call safe_popen when we succeeded in getting data + * from /dev/urandom. + */ + +#ifdef BSDI + if (bytes) + return; +#endif + +#ifdef DO_PS + fp = safe_popen(ps_cmd); + if (fp != NULL) { + while ((bytes = fread(buf, 1, sizeof(buf), fp)) > 0) + RNG_RandomUpdate(buf, bytes); + safe_pclose(fp); + } +#endif + fp = safe_popen(netstat_ni_cmd); + if (fp != NULL) { + while ((bytes = fread(buf, 1, sizeof(buf), fp)) > 0) + RNG_RandomUpdate(buf, bytes); + safe_pclose(fp); + } + } #else void RNG_SystemInfoForRNG(void) |