git-svn-id: file:///var/lib/svn/clamav-devel/trunk/clamav-devel@421 77e5149b-7576-45b1-b177-96237e5ba77b
Tomasz Kojm authored on 2004/03/20 08:12:33... | ... |
@@ -1,3 +1,7 @@ |
1 |
+Sat Mar 20 00:16:26 CET 2004 (tk) |
|
2 |
+--------------------------------- |
|
3 |
+ * libclamav: cl_gentemp(): do not use /dev/urandom |
|
4 |
+ |
|
1 | 5 |
Fri Mar 19 21:42:51 CET 2004 (tk) |
2 | 6 |
--------------------------------- |
3 | 7 |
* clamd: thrmgr.c, server-th.c: added missing new line characters in logg() |
... | ... |
@@ -81,7 +81,7 @@ dnl there is now a CREATE_PREFIX_TARGET_H in this file as a shorthand for |
81 | 81 |
dnl PREFIX_CONFIG_H from a target.h file, however w/o the target.h ever created |
82 | 82 |
dnl (the prefix is a bit different, since we add an extra -target- and -host-) |
83 | 83 |
dnl |
84 |
-dnl @version: $Id: aclocal.m4,v 1.28 2004/03/13 20:08:10 kojm Exp $ |
|
84 |
+dnl @version: $Id: aclocal.m4,v 1.29 2004/03/19 23:12:33 kojm Exp $ |
|
85 | 85 |
dnl @author Guido Draheim <guidod@gmx.de> STATUS: used often |
86 | 86 |
|
87 | 87 |
AC_DEFUN([AC_CREATE_TARGET_H], |
... | ... |
@@ -4041,7 +4041,7 @@ dnl AC_COMPILE_CHECK_SIZEOF(ptrdiff_t, $headers) |
4041 | 4041 |
dnl AC_COMPILE_CHECK_SIZEOF(off_t, $headers) |
4042 | 4042 |
dnl |
4043 | 4043 |
dnl @author Kaveh Ghazi <ghazi@caip.rutgers.edu> |
4044 |
-dnl @version $Id: aclocal.m4,v 1.28 2004/03/13 20:08:10 kojm Exp $ |
|
4044 |
+dnl @version $Id: aclocal.m4,v 1.29 2004/03/19 23:12:33 kojm Exp $ |
|
4045 | 4045 |
dnl |
4046 | 4046 |
AC_DEFUN([AC_COMPILE_CHECK_SIZEOF], |
4047 | 4047 |
[changequote(<<, >>)dnl |
... | ... |
@@ -9348,22 +9348,6 @@ else |
9348 | 9348 |
fi |
9349 | 9349 |
|
9350 | 9350 |
|
9351 |
-if test "$test_urandom" = "yes" |
|
9352 |
-then |
|
9353 |
- if test -r /dev/urandom ; then |
|
9354 |
- echo "$as_me:$LINENO: result: /dev/(u)random detected." >&5 |
|
9355 |
-echo "${ECHO_T}/dev/(u)random detected." >&6 |
|
9356 |
- |
|
9357 |
-cat >>confdefs.h <<\_ACEOF |
|
9358 |
-#define C_URANDOM 1 |
|
9359 |
-_ACEOF |
|
9360 |
- |
|
9361 |
- else |
|
9362 |
- echo "$as_me:$LINENO: result: /dev/(u)random not detected - using weak software rand()" >&5 |
|
9363 |
-echo "${ECHO_T}/dev/(u)random not detected - using weak software rand()" >&6 |
|
9364 |
- fi |
|
9365 |
-fi |
|
9366 |
- |
|
9367 | 9351 |
# tcpwrappers support |
9368 | 9352 |
# rules from http://ma.ph-freiburg.de/tng/tng-technical/2002-01/msg00094.html |
9369 | 9353 |
|
... | ... |
@@ -203,16 +203,6 @@ dnl Do not overwrite the current config file |
203 | 203 |
AM_CONDITIONAL(INSTALL_CLAMAV_CONF, test ! -r "$cfg_dir/clamav.conf") |
204 | 204 |
AM_CONDITIONAL(INSTALL_FRESHCLAM_CONF, test ! -r "$cfg_dir/freshclam.conf") |
205 | 205 |
|
206 |
-if test "$test_urandom" = "yes" |
|
207 |
-then |
|
208 |
- if test -r /dev/urandom ; then |
|
209 |
- AC_MSG_RESULT(/dev/(u)random detected.) |
|
210 |
- AC_DEFINE(C_URANDOM,1,[use /dev/urandom]) |
|
211 |
- else |
|
212 |
- AC_MSG_RESULT(/dev/(u)random not detected - using weak software rand()) |
|
213 |
- fi |
|
214 |
-fi |
|
215 |
- |
|
216 | 206 |
# tcpwrappers support |
217 | 207 |
# rules from http://ma.ph-freiburg.de/tng/tng-technical/2002-01/msg00094.html |
218 | 208 |
AC_ARG_WITH(tcpwrappers, |
... | ... |
@@ -37,6 +37,7 @@ |
37 | 37 |
#include <pwd.h> |
38 | 38 |
#include <errno.h> |
39 | 39 |
#include <target.h> |
40 |
+#include <sys/time.h> |
|
40 | 41 |
|
41 | 42 |
#include "clamav.h" |
42 | 43 |
#include "others.h" |
... | ... |
@@ -44,8 +45,15 @@ |
44 | 44 |
|
45 | 45 |
#define CL_FLEVEL 1 /* don't touch it */ |
46 | 46 |
|
47 |
+#ifdef CL_THREAD_SAFE |
|
48 |
+# include <pthread.h> |
|
49 |
+pthread_mutex_t cl_gentemp_mutex = PTHREAD_MUTEX_INITIALIZER; |
|
50 |
+#endif |
|
51 |
+ |
|
47 | 52 |
int cli_debug_flag = 0; |
48 | 53 |
|
54 |
+static unsigned char oldmd5buff[16] = { 16, 38, 97, 12, 8, 4, 72, 196, 217, 144, 33, 124, 18, 11, 17, 253 }; |
|
55 |
+ |
|
49 | 56 |
void cli_warnmsg(const char *str, ...) |
50 | 57 |
{ |
51 | 58 |
va_list args; |
... | ... |
@@ -188,7 +196,7 @@ char *cli_md5stream(FILE *fd) |
188 | 188 |
|
189 | 189 |
char *cl_md5buff(const char *buffer, unsigned int len) |
190 | 190 |
{ |
191 |
- unsigned char md5buf[16]; |
|
191 |
+ unsigned char md5buff[16]; |
|
192 | 192 |
char *md5str; |
193 | 193 |
struct md5_ctx ctx; |
194 | 194 |
int i, cnt=0; |
... | ... |
@@ -196,12 +204,13 @@ char *cl_md5buff(const char *buffer, unsigned int len) |
196 | 196 |
|
197 | 197 |
md5_init_ctx(&ctx); |
198 | 198 |
md5_process_bytes(buffer, len, &ctx); |
199 |
- md5_finish_ctx(&ctx, &md5buf); |
|
199 |
+ md5_finish_ctx(&ctx, &md5buff); |
|
200 |
+ memcpy(oldmd5buff, md5buff, 16); |
|
200 | 201 |
|
201 | 202 |
md5str = (char*) cli_calloc(32 + 1, sizeof(char)); |
202 | 203 |
|
203 | 204 |
for(i=0; i<16; i++) |
204 |
- cnt += sprintf(md5str + cnt, "%02x", md5buf[i]); |
|
205 |
+ cnt += sprintf(md5str + cnt, "%02x", md5buff[i]); |
|
205 | 206 |
|
206 | 207 |
return(md5str); |
207 | 208 |
} |
... | ... |
@@ -245,10 +254,6 @@ void *cli_realloc(void *ptr, size_t size) |
245 | 245 |
} else return alloc; |
246 | 246 |
} |
247 | 247 |
|
248 |
-#ifndef C_URANDOM |
|
249 |
-/* it's very weak */ |
|
250 |
-#include <sys/time.h> |
|
251 |
- |
|
252 | 248 |
unsigned int cl_rndnum(unsigned int max) |
253 | 249 |
{ |
254 | 250 |
struct timeval tv; |
... | ... |
@@ -259,44 +264,16 @@ unsigned int cl_rndnum(unsigned int max) |
259 | 259 |
return rand() % max; |
260 | 260 |
} |
261 | 261 |
|
262 |
-#else |
|
263 |
- |
|
264 |
-unsigned int cl_rndnum(unsigned int max) |
|
265 |
-{ |
|
266 |
- int fd; |
|
267 |
- unsigned int generated; |
|
268 |
- char *byte; |
|
269 |
- int size; |
|
270 |
- |
|
271 |
- |
|
272 |
- if((fd = open("/dev/urandom", O_RDONLY)) < 0) { |
|
273 |
- cli_errmsg("!Can't open /dev/urandom.\n"); |
|
274 |
- return -1; |
|
275 |
- } |
|
276 |
- |
|
277 |
- byte = (char *) &generated; |
|
278 |
- size = sizeof(generated); |
|
279 |
- do { |
|
280 |
- int bread; |
|
281 |
- bread = read(fd, byte, 1); |
|
282 |
- size -= bread; |
|
283 |
- byte += bread; |
|
284 |
- } while(size > 0); |
|
285 |
- |
|
286 |
- close(fd); |
|
287 |
- return generated % max; |
|
288 |
-} |
|
289 |
-#endif |
|
290 |
- |
|
291 |
-/* it uses MD5 to avoid potential races in tmp */ |
|
292 | 262 |
char *cl_gentemp(const char *dir) |
293 | 263 |
{ |
294 | 264 |
char *name, *tmp; |
295 | 265 |
const char *mdir; |
296 |
- unsigned char salt[32]; |
|
297 |
- int cnt=0, i; |
|
266 |
+ unsigned char salt[16 + 32]; |
|
267 |
+ int i; |
|
298 | 268 |
struct stat foo; |
299 | 269 |
|
270 |
+ cli_dbgmsg("in cl_gentemp()\n"); |
|
271 |
+ |
|
300 | 272 |
if(!dir) |
301 | 273 |
mdir = "/tmp"; |
302 | 274 |
else |
... | ... |
@@ -307,17 +284,27 @@ char *cl_gentemp(const char *dir) |
307 | 307 |
cli_dbgmsg("cl_gentemp('%s'): out of memory\n", dir); |
308 | 308 |
return NULL; |
309 | 309 |
} |
310 |
- cnt += sprintf(name, "%s/", mdir); |
|
310 |
+ |
|
311 |
+#ifdef CL_THREAD_SAFE |
|
312 |
+ pthread_mutex_lock(&cl_gentemp_mutex); |
|
313 |
+#endif |
|
314 |
+ |
|
315 |
+ memcpy(salt, oldmd5buff, 16); |
|
311 | 316 |
|
312 | 317 |
do { |
313 |
- for(i = 0; i < 32; i++) |
|
318 |
+ for(i = 16; i < 48; i++) |
|
314 | 319 |
salt[i] = cl_rndnum(255); |
315 | 320 |
|
316 |
- tmp = cl_md5buff(( char* ) salt, 32); |
|
321 |
+ tmp = cl_md5buff(( char* ) salt, 48); |
|
322 |
+ sprintf(name, "%s/", mdir); |
|
317 | 323 |
strncat(name, tmp, 16); |
318 | 324 |
free(tmp); |
319 | 325 |
} while(stat(name, &foo) != -1); |
320 | 326 |
|
327 |
+#ifdef CL_THREAD_SAFE |
|
328 |
+ pthread_mutex_unlock(&cl_gentemp_mutex); |
|
329 |
+#endif |
|
330 |
+ |
|
321 | 331 |
return(name); |
322 | 332 |
} |
323 | 333 |
|
... | ... |
@@ -372,5 +359,3 @@ int cli_rmdirs(const char *dirname) |
372 | 372 |
closedir(dd); |
373 | 373 |
return 0; |
374 | 374 |
} |
375 |
- |
|
376 |
- |
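Review bot: With /dev/urandom removed, the name built in the cl_gentemp() hunks depends only on cl_rndnum(), whose visible tail is `rand() % max` and which the removed comment called "very weak", plus `oldmd5buff`, which starts from a constant published in the source; a local user who can approximate that state may be able to predict the next name in a shared directory such as /tmp. The `stat(name, &foo) != -1` loop does not close that gap because the check is not atomic with the later creation, so I would state the contract above the function, e.g. `/* returns a name only; callers must create it with O_CREAT|O_EXCL or mkdir() and treat EEXIST as a collision */`. Separately, `memcpy(oldmd5buff, md5buff, 16)` in cl_md5buff() writes the shared buffer without holding `cl_gentemp_mutex`, so a cl_md5buff() call from another thread would race with the `memcpy(salt, oldmd5buff, 16)` read. Locking inside cl_md5buff() is not the fix, since cl_gentemp() already holds that default (non-recursive) mutex when it calls it; the state update is better moved into cl_gentemp() under the lock. The bodies of cl_gentemp() and cl_rndnum() continue outside the hunks shown, so the seeding and the allocation of `name` could not be checked.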