@@ -1,3 +1,7 @@

+Sat Mar 20 00:16:26 CET 2004 (tk)

+---------------------------------

+  * libclamav: cl_gentemp(): do not use /dev/urandom

+

 Fri Mar 19 21:42:51 CET 2004 (tk)

 ---------------------------------

   * clamd: thrmgr.c, server-th.c: added missing new line characters in logg()

@@ -81,7 +81,7 @@ dnl there is now a CREATE_PREFIX_TARGET_H in this file as a shorthand for

 dnl PREFIX_CONFIG_H from a target.h file, however w/o the target.h ever created

 dnl (the prefix is a bit different, since we add an extra -target- and -host-)

 dnl 

-dnl @version: $Id: aclocal.m4,v 1.28 2004/03/13 20:08:10 kojm Exp $

+dnl @version: $Id: aclocal.m4,v 1.29 2004/03/19 23:12:33 kojm Exp $

 dnl @author Guido Draheim <guidod@gmx.de>                 STATUS: used often

 AC_DEFUN([AC_CREATE_TARGET_H],

@@ -4041,7 +4041,7 @@ dnl      AC_COMPILE_CHECK_SIZEOF(ptrdiff_t, $headers)

 dnl      AC_COMPILE_CHECK_SIZEOF(off_t, $headers)

 dnl

 dnl @author Kaveh Ghazi <ghazi@caip.rutgers.edu>

-dnl @version $Id: aclocal.m4,v 1.28 2004/03/13 20:08:10 kojm Exp $

+dnl @version $Id: aclocal.m4,v 1.29 2004/03/19 23:12:33 kojm Exp $

 dnl

 AC_DEFUN([AC_COMPILE_CHECK_SIZEOF],

 [changequote(<<, >>)dnl

@@ -54,9 +54,6 @@

 /* os is solaris */

 #undef C_SOLARIS

-/* use /dev/urandom */

-#undef C_URANDOM

-

 /* Path to virus database directory. */

 #undef DATADIR

@@ -9348,22 +9348,6 @@ else

 fi

-if test "$test_urandom" = "yes"

-then

-    if test -r /dev/urandom ; then

-	echo "$as_me:$LINENO: result: /dev/(u)random detected." >&5

-echo "${ECHO_T}/dev/(u)random detected." >&6

-

-cat >>confdefs.h <<\_ACEOF

-#define C_URANDOM 1

-_ACEOF

-

-    else

-	echo "$as_me:$LINENO: result: /dev/(u)random not detected - using weak software rand()" >&5

-echo "${ECHO_T}/dev/(u)random not detected - using weak software rand()" >&6

-    fi

-fi

-

 # tcpwrappers support

 # rules from http://ma.ph-freiburg.de/tng/tng-technical/2002-01/msg00094.html

@@ -203,16 +203,6 @@ dnl Do not overwrite the current config file

 AM_CONDITIONAL(INSTALL_CLAMAV_CONF, test ! -r "$cfg_dir/clamav.conf")

 AM_CONDITIONAL(INSTALL_FRESHCLAM_CONF, test ! -r "$cfg_dir/freshclam.conf")

-if test "$test_urandom" = "yes"

-then

-    if test -r /dev/urandom ; then

-	AC_MSG_RESULT(/dev/(u)random detected.)

-	AC_DEFINE(C_URANDOM,1,[use /dev/urandom])

-    else

-	AC_MSG_RESULT(/dev/(u)random not detected - using weak software rand())

-    fi

-fi

-

 # tcpwrappers support

 # rules from http://ma.ph-freiburg.de/tng/tng-technical/2002-01/msg00094.html

 AC_ARG_WITH(tcpwrappers,

@@ -37,6 +37,7 @@

 #include <pwd.h>

 #include <errno.h>

 #include <target.h>

+#include <sys/time.h>

 #include "clamav.h"

 #include "others.h"

@@ -44,8 +45,15 @@

 #define CL_FLEVEL 1 /* don't touch it */

+#ifdef CL_THREAD_SAFE

+#  include <pthread.h>

+pthread_mutex_t cl_gentemp_mutex = PTHREAD_MUTEX_INITIALIZER;

+#endif

+

 int cli_debug_flag = 0;

+static unsigned char oldmd5buff[16] = { 16, 38, 97, 12, 8, 4, 72, 196, 217, 144, 33, 124, 18, 11, 17, 253 };

+

 void cli_warnmsg(const char *str, ...)

 {

 	va_list args;

@@ -188,7 +196,7 @@ char *cli_md5stream(FILE *fd)

 char *cl_md5buff(const char *buffer, unsigned int len)

 {

-	unsigned char md5buf[16];

+	unsigned char md5buff[16];

 	char *md5str;

 	struct md5_ctx ctx;

 	int i, cnt=0;

@@ -196,12 +204,13 @@ char *cl_md5buff(const char *buffer, unsigned int len)

     md5_init_ctx(&ctx);

     md5_process_bytes(buffer, len, &ctx);

-    md5_finish_ctx(&ctx, &md5buf);

+    md5_finish_ctx(&ctx, &md5buff);

+    memcpy(oldmd5buff, md5buff, 16);

     md5str = (char*) cli_calloc(32 + 1, sizeof(char));

     for(i=0; i<16; i++)

-	cnt += sprintf(md5str + cnt, "%02x", md5buf[i]);

+	cnt += sprintf(md5str + cnt, "%02x", md5buff[i]);

     return(md5str);

 }

@@ -245,10 +254,6 @@ void *cli_realloc(void *ptr, size_t size)

     } else return alloc;

 }

-#ifndef C_URANDOM

-/* it's very weak */

-#include <sys/time.h>

-

 unsigned int cl_rndnum(unsigned int max)

 {

     struct timeval tv;

@@ -259,44 +264,16 @@ unsigned int cl_rndnum(unsigned int max)

   return rand() % max;

 }

-#else

-

-unsigned int cl_rndnum(unsigned int max)

-{

-	int fd;

-	unsigned int generated;

-	char *byte;

-	int size;

-

-

-    if((fd = open("/dev/urandom", O_RDONLY)) < 0) {

-	cli_errmsg("!Can't open /dev/urandom.\n");

-	return -1;

-    }

-

-    byte = (char *) &generated;

-    size = sizeof(generated);

-    do {

-	int bread;

-	bread = read(fd, byte, 1);

-	size -= bread;

-	byte += bread;

-    } while(size > 0);

-

-    close(fd);

-    return generated % max;

-}

-#endif

-

-/* it uses MD5 to avoid potential races in tmp */

 char *cl_gentemp(const char *dir)

 {

 	char *name, *tmp;

         const char *mdir;

-	unsigned char salt[32];

-	int cnt=0, i;

+	unsigned char salt[16 + 32];

+	int i;

 	struct stat foo;

+    cli_dbgmsg("in cl_gentemp()\n");

+

     if(!dir)

 	mdir = "/tmp";

     else

@@ -307,17 +284,27 @@ char *cl_gentemp(const char *dir)

 	cli_dbgmsg("cl_gentemp('%s'): out of memory\n", dir);

 	return NULL;

     }

-    cnt += sprintf(name, "%s/", mdir);

+

+#ifdef CL_THREAD_SAFE

+    pthread_mutex_lock(&cl_gentemp_mutex);

+#endif

+

+    memcpy(salt, oldmd5buff, 16);

     do {

-	for(i = 0; i < 32; i++)

+	for(i = 16; i < 48; i++)

 	    salt[i] = cl_rndnum(255);

-	tmp = cl_md5buff(( char* ) salt, 32);

+	tmp = cl_md5buff(( char* ) salt, 48);

+	sprintf(name, "%s/", mdir);

 	strncat(name, tmp, 16);

 	free(tmp);

     } while(stat(name, &foo) != -1);

+#ifdef CL_THREAD_SAFE

+    pthread_mutex_unlock(&cl_gentemp_mutex);

+#endif

+

     return(name);

 }

@@ -372,5 +359,3 @@ int cli_rmdirs(const char *dirname)

     closedir(dd);

     return 0;

 }

-

-