O_NOFOLLOW would be very nice to have here if the version of linux

we are running supports it. from enh@google.com
author: beck <> 2014-06-25 15:53:56 +0000
committer: beck <> 2014-06-25 15:53:56 +0000
commit: 3b8309092cda956cac67be79751e70be574103b8 (patch)
tree: e328c7903c5e458f5a420b0abb22438b430ba27a /src
parent: d47c090ea4befbeabf2f1dd2151e40f2fcbc345f (diff)
download: openbsd-3b8309092cda956cac67be79751e70be574103b8.tar.gz
openbsd-3b8309092cda956cac67be79751e70be574103b8.tar.bz2
openbsd-3b8309092cda956cac67be79751e70be574103b8.zip
2 files changed, 22 insertions, 20 deletions
diff --git a/src/lib/libcrypto/arc4random/getentropy_linux.c b/src/lib/libcrypto/arc4random/getentropy_linux.c
index d833d4c9e1..8166131899 100644
--- a/src/lib/libcrypto/arc4random/getentropy_linux.c
+++ b/src/lib/libcrypto/arc4random/getentropy_linux.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: getentropy_linux.c,v 1.8 2014/06/23 03:47:46 beck Exp $       */
+/*      $OpenBSD: getentropy_linux.c,v 1.9 2014/06/25 15:53:56 beck Exp $       */
 /*
 * Copyright (c) 2014 Theo de Raadt <deraadt@openbsd.org>
@@ -169,24 +169,25 @@ getentropy_urandom(void *buf, size_t len)
 {
        struct stat st;
        size_t i;
-        int fd, cnt;
+        int fd, cnt, flags;
        int save_errno = errno;
 start:
+        flags = O_RDONLY;
+#ifdef O_NOFOLLOW
+        flags |= O_NOFOLLOW;
+#endif
 #ifdef O_CLOEXEC
-        fd = open("/dev/urandom", O_RDONLY|O_CLOEXEC, 0);
+        flags |= O_CLOEXEC;
-        if (fd == -1) {
+#endif
-                if (errno == EINTR)
+        fd = open("/dev/urandom", flags, 0);
-                        goto start;
-                goto nodevrandom;
-        }
-#else
-        fd = open("/dev/urandom", O_RDONLY, 0);
        if (fd == -1) {
                if (errno == EINTR)
                        goto start;
                goto nodevrandom;
        }
+#ifndef O_CLOEXEC
        fcntl(fd, F_SETFD, fcntl(fd, F_GETFD) | FD_CLOEXEC);
 #endif
diff --git a/src/lib/libcrypto/crypto/getentropy_linux.c b/src/lib/libcrypto/crypto/getentropy_linux.c
index d833d4c9e1..8166131899 100644
--- a/src/lib/libcrypto/crypto/getentropy_linux.c
+++ b/src/lib/libcrypto/crypto/getentropy_linux.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: getentropy_linux.c,v 1.8 2014/06/23 03:47:46 beck Exp $       */
+/*      $OpenBSD: getentropy_linux.c,v 1.9 2014/06/25 15:53:56 beck Exp $       */
 /*
 * Copyright (c) 2014 Theo de Raadt <deraadt@openbsd.org>
@@ -169,24 +169,25 @@ getentropy_urandom(void *buf, size_t len)
 {
        struct stat st;
        size_t i;
-        int fd, cnt;
+        int fd, cnt, flags;
        int save_errno = errno;
 start:
+        flags = O_RDONLY;
+#ifdef O_NOFOLLOW
+        flags |= O_NOFOLLOW;
+#endif
 #ifdef O_CLOEXEC
-        fd = open("/dev/urandom", O_RDONLY|O_CLOEXEC, 0);
+        flags |= O_CLOEXEC;
-        if (fd == -1) {
+#endif
-                if (errno == EINTR)
+        fd = open("/dev/urandom", flags, 0);
-                        goto start;
-                goto nodevrandom;
-        }
-#else
-        fd = open("/dev/urandom", O_RDONLY, 0);
        if (fd == -1) {
                if (errno == EINTR)
                        goto start;
                goto nodevrandom;
        }
+#ifndef O_CLOEXEC
        fcntl(fd, F_SETFD, fcntl(fd, F_GETFD) | FD_CLOEXEC);
 #endif
author	beck <>	2014-06-25 15:53:56 +0000
committer	beck <>	2014-06-25 15:53:56 +0000
commit	3b8309092cda956cac67be79751e70be574103b8 (patch)
tree	e328c7903c5e458f5a420b0abb22438b430ba27a /src
parent	d47c090ea4befbeabf2f1dd2151e40f2fcbc345f (diff)
download	openbsd-3b8309092cda956cac67be79751e70be574103b8.tar.gz openbsd-3b8309092cda956cac67be79751e70be574103b8.tar.bz2 openbsd-3b8309092cda956cac67be79751e70be574103b8.zip