albino
/
ngircd-tor
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

ngircd: improve rng initialisation 

we do not need this for cryptographic purposes, but we can do better
than plain srandom(getpid()).

Also, keep in mind that rng state is inherited across fork(), so re-init
it in the child.
This commit is contained in:
Florian Westphal 2011-03-27 22:48:01 +02:00
parent d61fbfc6e3
commit 5acb90fafc
2 changed files with 38 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
src/ngircd/ngircd.c
View File

@ -60,6 +60,8 @@ static void Pidfile_Delete PARAMS(( void ));
static void Fill_Version PARAMS(( void )); static void Fill_Version PARAMS(( void ));
static void Random_Init PARAMS(( void ));
static void Setup_FDStreams PARAMS(( int fd )); static void Setup_FDStreams PARAMS(( int fd ));
static bool NGIRCd_Init PARAMS(( bool )); static bool NGIRCd_Init PARAMS(( bool ));
@ -262,6 +264,8 @@ main( int argc, const char *argv[] )
NGIRCd_SignalRestart = false; NGIRCd_SignalRestart = false;
NGIRCd_SignalQuit = false; NGIRCd_SignalQuit = false;
Random_Init();
/* Initialize modules, part I */ /* Initialize modules, part I */
Log_Init( ! NGIRCd_NoDaemon ); Log_Init( ! NGIRCd_NoDaemon );
Conf_Init( ); Conf_Init( );
@ -289,8 +293,6 @@ main( int argc, const char *argv[] )
exit(1); exit(1);
} }
srandom(getpid());
/* Create protocol and server identification. The syntax /* Create protocol and server identification. The syntax
* used by ngIRCd in PASS commands and the known "extended * used by ngIRCd in PASS commands and the known "extended
* flags" are described in doc/Protocol.txt. */ * flags" are described in doc/Protocol.txt. */
@ -564,6 +566,37 @@ NGIRCd_getNobodyID(uid_t *uid, gid_t *gid )
} /* NGIRCd_getNobodyID */ } /* NGIRCd_getNobodyID */
static bool
Random_Init_Kern(const char *file)
{
unsigned int seed;
bool ret = false;
int fd = open(file, O_RDONLY);
if (fd >= 0) {
if (read(fd, &seed, sizeof(seed)) == sizeof(seed))
ret = true;
close(fd);
srandom(seed);
}
return ret;
}
/**
* Initialize libc random(3) number generator
*/
static void
Random_Init(void)
{
if (Random_Init_Kern("/dev/urandom"))
return;
if (Random_Init_Kern("/dev/random"))
return;
if (Random_Init_Kern("/dev/arandom"))
return;
srandom(random() ^ getpid() ^ time(NULL));
}
/** /**
* Initialize ngIRCd daemon. * Initialize ngIRCd daemon.
* *

3
src/ngircd/proc.c
View File

@ -50,6 +50,7 @@ GLOBAL pid_t
Proc_Fork(PROC_STAT *proc, int *pipefds, void (*cbfunc)(int, short), int timeout) Proc_Fork(PROC_STAT *proc, int *pipefds, void (*cbfunc)(int, short), int timeout)
{ {
pid_t pid; pid_t pid;
unsigned int seed;
assert(proc != NULL); assert(proc != NULL);
assert(pipefds != NULL); assert(pipefds != NULL);
@ -61,6 +62,7 @@ Proc_Fork(PROC_STAT *proc, int *pipefds, void (*cbfunc)(int, short), int timeout
return -1; return -1;
} }
seed = random();
pid = fork(); pid = fork();
switch (pid) { switch (pid) {
case -1: case -1:
@ -71,6 +73,7 @@ Proc_Fork(PROC_STAT *proc, int *pipefds, void (*cbfunc)(int, short), int timeout
return -1; return -1;
case 0: case 0:
/* New child process: */ /* New child process: */
srandom(seed ^ time(NULL) ^ getpid());
Signals_Exit(); Signals_Exit();
signal(SIGTERM, Proc_GenericSignalHandler); signal(SIGTERM, Proc_GenericSignalHandler);
signal(SIGALRM, Proc_GenericSignalHandler); signal(SIGALRM, Proc_GenericSignalHandler);