From: Andre Noll
Date: Thu, 22 Aug 2013 21:13:37 +0000 (+0200)
Subject: crypt: Add workaround for non-fork-safe PRGs.
X-Git-Tag: v0.5.1~10^2
X-Git-Url: http://git.tue.mpg.de/?a=commitdiff_plain;h=a496f5831278c7e724d02de45f6cc6eba115b95c;p=paraslash.git

crypt: Add workaround for non-fork-safe PRGs.

Some PRNG implementations suffer from the problem that after a fork() the PRNG state of parent and child process differ only by the child pid which is mixed into the state. Certain versions of openssl are known to contain this flaw. On such implementations two command handlers will generate the same challenge and session keys if their pid is identical. This may happen due to pid wrapping.

This patch works around this shortcoming by reading some pseudo random bytes in the parent process after each fork().
---
diff --git a/server.c b/server.c index 36af088e..70d9137e 100644 --- a/server.c +++ b/server.c @@ -388,6 +388,9 @@ static int command_post_select(struct sched *s, struct task *t) goto out; } if (child_pid) { + /* avoid problems with non-fork-safe PRNGs */ + unsigned char buf[16]; + get_random_bytes_or_die(buf, sizeof(buf)); close(new_fd); /* parent keeps accepting connections */ return 0;
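Review bot: the three added lines in command_post_select() only help if get_random_bytes_or_die() draws from the same generator whose state the child inherits, i.e. the openssl PRNG named in the commit message; if that helper reads the kernel's random device instead, the parent's openssl state is never advanced and two handlers with a reused pid would still start from identical state. The comment `/* avoid problems with non-fork-safe PRNGs */` should state that dependency and the pid-wrap rationale, so that a later change to get_random_bytes_or_die() does not silently undo the workaround. Also worth a second look: the `_or_die` variant means a failure of the random source on this path now terminates the whole server from its accept loop rather than failing the single connection being set up; since the 16 bytes in `buf` are discarded anyway, a non-fatal variant would preserve availability, or the comment should say the fatal behaviour is intended.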
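The following is an added example, not paraslash code, that models the flaw the commit message describes with a small constructed generator so the effect of the workaround can be checked. `toy_prng`, `toy_fork_child`, `challenges_collide` and the seed and pid values are all assumptions made for this illustration: the generator is a non-cryptographic xorshift64*, and "fork" is modelled as copying the parent's state and XORing in the child pid, which is the behaviour the commit message attributes to certain openssl versions.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/*
 * Toy model of a non-fork-safe PRNG, constructed for this example.
 * xorshift64* is NOT cryptographic; it is used only because it is short
 * and every nonzero state maps to a distinct successor state.
 */
struct toy_prng {
	uint64_t state; /* must never be zero for xorshift */
};

static uint64_t toy_prng_next(struct toy_prng *p)
{
	uint64_t x = p->state;
	x ^= x >> 12;
	x ^= x << 25;
	x ^= x >> 27;
	p->state = x;
	return x * 0x2545F4914F6CDD1DULL;
}

/* Fill buf with n pseudo random 64-bit words, advancing the state. */
static void toy_get_random_words(struct toy_prng *p, uint64_t *buf, size_t n)
{
	for (size_t i = 0; i < n; i++)
		buf[i] = toy_prng_next(p);
}

/*
 * Model of fork() on the flawed implementation (assumed behaviour, as
 * described in the commit message): the child gets the parent's current
 * state with only its own pid mixed in.
 */
static struct toy_prng toy_fork_child(const struct toy_prng *parent,
		uint32_t child_pid)
{
	struct toy_prng child = *parent;
	child.state ^= child_pid;
	return child;
}

#define CHALLENGE_WORDS 2 /* 2 * 8 bytes = 16 bytes, like buf[16] in the patch */

/*
 * Simulate two command handlers forked with the same pid (pid reuse after
 * wrapping). Returns 1 if both handlers derive the same challenge, else 0.
 * With parent_stirs nonzero the parent draws and discards 16 bytes after
 * every fork, mirroring what the patch does in command_post_select().
 */
int challenges_collide(int parent_stirs)
{
	struct toy_prng parent = { .state = 0x9E3779B97F4A7C15ULL }; /* constructed seed */
	const uint32_t reused_pid = 4242; /* constructed: same pid both times */
	uint64_t discard[CHALLENGE_WORDS];
	uint64_t c1[CHALLENGE_WORDS], c2[CHALLENGE_WORDS];

	struct toy_prng handler1 = toy_fork_child(&parent, reused_pid);
	if (parent_stirs)
		toy_get_random_words(&parent, discard, CHALLENGE_WORDS);

	/* ... many forks later the pid counter has wrapped around ... */
	struct toy_prng handler2 = toy_fork_child(&parent, reused_pid);
	if (parent_stirs)
		toy_get_random_words(&parent, discard, CHALLENGE_WORDS);

	/* Each handler derives its challenge from the state it inherited. */
	toy_get_random_words(&handler1, c1, CHALLENGE_WORDS);
	toy_get_random_words(&handler2, c2, CHALLENGE_WORDS);
	return memcmp(c1, c2, sizeof(c1)) == 0;
}

int main(void)
{
	printf("parent idle after fork:  challenges %s\n",
		challenges_collide(0) ? "COLLIDE" : "differ");
	printf("parent stirs after fork: challenges %s\n",
		challenges_collide(1) ? "COLLIDE" : "differ");
	return 0;
}
```

Without the stir, both handlers start from the same parent state XOR the same pid, so the challenges collide; with the stir, the parent's state has moved on between the two forks and the inherited states, and therefore the challenges, differ. The model also makes the review point concrete: the stir only helps because `toy_get_random_words` advances the very generator that `toy_fork_child` copies, which is the property the real `get_random_bytes_or_die()` has to have for the patch to work.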