From 69d2f36faae2eadd4be09546d27257594f86a13a Mon Sep 17 00:00:00 2001
From: beck <>
Date: Wed, 25 Jun 2014 15:53:56 +0000
Subject: O_NOFOLLOW would be very nice to have here if the version of linux we are running supports it. from enh@google.com
---
 src/lib/libcrypto/arc4random/getentropy_linux.c | 21 +++++++++++----------
 src/lib/libcrypto/crypto/getentropy_linux.c | 21 +++++++++++----------
 2 files changed, 22 insertions(+), 20 deletions(-)
(limited to 'src')
diff --git a/src/lib/libcrypto/arc4random/getentropy_linux.c b/src/lib/libcrypto/arc4random/getentropy_linux.c
index d833d4c9e1..8166131899 100644
--- a/src/lib/libcrypto/arc4random/getentropy_linux.c
+++ b/src/lib/libcrypto/arc4random/getentropy_linux.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: getentropy_linux.c,v 1.8 2014/06/23 03:47:46 beck Exp $ */
+/* $OpenBSD: getentropy_linux.c,v 1.9 2014/06/25 15:53:56 beck Exp $ */
 /*
  * Copyright (c) 2014 Theo de Raadt
@@ -169,24 +169,25 @@ getentropy_urandom(void *buf, size_t len)
 {
 	struct stat st;
 	size_t i;
-	int fd, cnt;
+	int fd, cnt, flags;
 	int save_errno = errno;
 start:
+
+	flags = O_RDONLY;
+#ifdef O_NOFOLLOW
+	flags |= O_NOFOLLOW;
+#endif
 #ifdef O_CLOEXEC
-	fd = open("/dev/urandom", O_RDONLY|O_CLOEXEC, 0);
-	if (fd == -1) {
-		if (errno == EINTR)
-			goto start;
-		goto nodevrandom;
-	}
-#else
-	fd = open("/dev/urandom", O_RDONLY, 0);
+	flags |= O_CLOEXEC;
+#endif
+	fd = open("/dev/urandom", flags, 0);
 	if (fd == -1) {
 		if (errno == EINTR)
 			goto start;
 		goto nodevrandom;
 	}
+#ifndef O_CLOEXEC
 	fcntl(fd, F_SETFD, fcntl(fd, F_GETFD) | FD_CLOEXEC);
 #endif
diff --git a/src/lib/libcrypto/crypto/getentropy_linux.c b/src/lib/libcrypto/crypto/getentropy_linux.c
index d833d4c9e1..8166131899 100644
--- a/src/lib/libcrypto/crypto/getentropy_linux.c
+++ b/src/lib/libcrypto/crypto/getentropy_linux.c
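Review bot: The new `#ifdef O_NOFOLLOW` block changes behaviour without saying why: on a system where /dev/urandom is a symbolic link, open() now fails with ELOOP, which the unchanged error path treats like any non-EINTR failure and sends to `nodevrandom`, so the caller silently lands on the fallback entropy path instead of the kernel device. That is presumably the intent (a symlink that has been repointed at another character device would pass a file-type check on the opened descriptor), but it should be stated at the flag, e.g. `/* Refuse a symlinked /dev/urandom: ELOOP falls through to nodevrandom. */`. The identical hunk in src/lib/libcrypto/crypto/getentropy_linux.c needs the same comment. getentropy_urandom's body, including the `nodevrandom` label and whatever validation follows the open, continues outside the hunk.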
@@ -1,4 +1,4 @@
-/* $OpenBSD: getentropy_linux.c,v 1.8 2014/06/23 03:47:46 beck Exp $ */
+/* $OpenBSD: getentropy_linux.c,v 1.9 2014/06/25 15:53:56 beck Exp $ */
 /*
  * Copyright (c) 2014 Theo de Raadt
@@ -169,24 +169,25 @@ getentropy_urandom(void *buf, size_t len)
 {
 	struct stat st;
 	size_t i;
-	int fd, cnt;
+	int fd, cnt, flags;
 	int save_errno = errno;
 start:
+
+	flags = O_RDONLY;
+#ifdef O_NOFOLLOW
+	flags |= O_NOFOLLOW;
+#endif
 #ifdef O_CLOEXEC
-	fd = open("/dev/urandom", O_RDONLY|O_CLOEXEC, 0);
-	if (fd == -1) {
-		if (errno == EINTR)
-			goto start;
-		goto nodevrandom;
-	}
-#else
-	fd = open("/dev/urandom", O_RDONLY, 0);
+	flags |= O_CLOEXEC;
+#endif
+	fd = open("/dev/urandom", flags, 0);
 	if (fd == -1) {
 		if (errno == EINTR)
 			goto start;
 		goto nodevrandom;
 	}
+#ifndef O_CLOEXEC
 	fcntl(fd, F_SETFD, fcntl(fd, F_GETFD) | FD_CLOEXEC);
 #endif
--
cgit v1.2.3-55-g6feb