revert previous patch, the problem is located in the RAND_file_name()
function that will cause recursive nss lookups, can't fix that here. git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22200 ec53bebd-3082-4978-b11e-865c3cabbd6b
		| @@ -1,5 +1,5 @@ | |||||||
| /* | /* | ||||||
|  * Copyright (c) 1997 - 2007 Kungliga Tekniska H<>gskolan |  * Copyright (c) 1997 - 2005 Kungliga Tekniska H<>gskolan | ||||||
|  * (Royal Institute of Technology, Stockholm, Sweden).  |  * (Royal Institute of Technology, Stockholm, Sweden).  | ||||||
|  * All rights reserved.  |  * All rights reserved.  | ||||||
|  * |  * | ||||||
| @@ -3452,13 +3452,13 @@ krb5_decrypt_EncryptedData(krb5_context context, | |||||||
| #define ENTROPY_NEEDED 128 | #define ENTROPY_NEEDED 128 | ||||||
|  |  | ||||||
| static int | static int | ||||||
| seed_something(const char *seedfile) | seed_something(void) | ||||||
| { | { | ||||||
|     char buf[1024]; |     char buf[1024], seedfile[256]; | ||||||
|  |  | ||||||
|     /* If there is a seed file, load it. But such a file cannot be trusted, |     /* If there is a seed file, load it. But such a file cannot be trusted, | ||||||
|        so use 0 for the entropy estimate */ |        so use 0 for the entropy estimate */ | ||||||
|     if (seedfile[0]) { |     if (RAND_file_name(seedfile, sizeof(seedfile))) { | ||||||
| 	int fd; | 	int fd; | ||||||
| 	fd = open(seedfile, O_RDONLY); | 	fd = open(seedfile, O_RDONLY); | ||||||
| 	if (fd >= 0) { | 	if (fd >= 0) { | ||||||
| @@ -3467,8 +3467,10 @@ seed_something(const char *seedfile) | |||||||
| 	    if (ret > 0) | 	    if (ret > 0) | ||||||
| 		RAND_add(buf, ret, 0.0); | 		RAND_add(buf, ret, 0.0); | ||||||
| 	    close(fd); | 	    close(fd); | ||||||
| 	} | 	} else | ||||||
|     } | 	    seedfile[0] = '\0'; | ||||||
|  |     } else | ||||||
|  | 	seedfile[0] = '\0'; | ||||||
|  |  | ||||||
|     /* Calling RAND_status() will try to use /dev/urandom if it exists so |     /* Calling RAND_status() will try to use /dev/urandom if it exists so | ||||||
|        we do not have to deal with it. */ |        we do not have to deal with it. */ | ||||||
| @@ -3503,13 +3505,7 @@ krb5_generate_random_block(void *buf, size_t len) | |||||||
|      |      | ||||||
|     HEIMDAL_MUTEX_lock(&crypto_mutex); |     HEIMDAL_MUTEX_lock(&crypto_mutex); | ||||||
|     if (!rng_initialized) { |     if (!rng_initialized) { | ||||||
| 	char seedfile[256]; | 	if (seed_something()) | ||||||
|  |  | ||||||
| 	HEIMDAL_MUTEX_unlock(&crypto_mutex); |  | ||||||
| 	if (RAND_file_name(seedfile, sizeof(seedfile)) == 0) |  | ||||||
| 	    seedfile[0] = '\0'; |  | ||||||
| 	HEIMDAL_MUTEX_lock(&crypto_mutex); |  | ||||||
| 	if (seed_something(seedfile)) |  | ||||||
| 	    krb5_abortx(NULL, "Fatal: could not seed the " | 	    krb5_abortx(NULL, "Fatal: could not seed the " | ||||||
| 			"random number generator"); | 			"random number generator"); | ||||||
| 	 | 	 | ||||||
|   | |||||||
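Review bot: In krb5_generate_random_block the restored `if (seed_something())` runs with crypto_mutex held, and seed_something() now calls RAND_file_name() itself, which the commit message says can cause recursive nss lookups. If such a lookup ever re-enters krb5_generate_random_block on the same thread it would block on crypto_mutex, unless that mutex is recursive, which is not visible here. Since the root cause is deliberately left unfixed, I would record the constraint next to the call, for example `/* seed_something() calls RAND_file_name(), which may do nss lookups; crypto_mutex is held, so they must not re-enter here */`. Both seed_something and krb5_generate_random_block continue outside the hunks shown.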
	 Love Hörnquist Åstrand
					Love Hörnquist Åstrand