From: Andy Polyakov Date: Fri, 14 Jan 2005 16:19:47 +0000 (+0000) Subject: O_NOFOLLOW is not appropriate when opening /dev/* entries on Solaris. X-Git-Tag: OpenSSL_0_9_7f~45 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=adeb20b6b763ba96e7f2b6f6bf1fad50a55dbcb1;p=openssl O_NOFOLLOW is not appropriate when opening /dev/* entries on Solaris. PR: 998
---
diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c
index f5165f1326..9376554fae 100644
--- a/crypto/rand/rand_unix.c
+++ b/crypto/rand/rand_unix.c
@@ -120,6 +120,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
 #include
@@ -151,9 +152,9 @@ int RAND_poll(void)
 int n = 0;
 #endif
 #ifdef DEVRANDOM
- static const char *randomfiles[] = { DEVRANDOM, NULL };
- const char **randomfile = NULL;
- int fd;
+ static const char *randomfiles[] = { DEVRANDOM };
+ struct stat randomstats[sizeof(randomfiles)/sizeof(randomfiles[0])];
+ int fd,i;
 #endif
 #ifdef DEVRANDOM_EGD
 static const char *egdsockets[] = { DEVRANDOM_EGD, NULL };
@@ -161,13 +162,14 @@ int RAND_poll(void)
 #endif
 #ifdef DEVRANDOM
+ memset(randomstats,0,sizeof(randomstats));
 /* Use a random entropy pool device. Linux, FreeBSD and OpenBSD
 * have this. Use /dev/urandom if you can as /dev/random may block
 * if it runs out of random entries. */
- for (randomfile = randomfiles; *randomfile && n < ENTROPY_NEEDED; randomfile++)
+ for (i=0; i= 0) { struct timeval t = { 0, 10*1000 }; /* Spend 10ms on each file. */
- int r;
+ int r,j;
 fd_set fset;
+ struct stat *st=&randomstats[i];
+
+ /* Avoid using same input... Used to be O_NOFOLLOW
+ * above, but it's not universally appropriate... */
+ if (fstat(fd,st) != 0) { close(fd); continue; }
+ for (j=0;jst_ino &&
+ randomstats[j].st_dev==st->st_dev)
+ break;
+ }
+ if (j
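Review bot: In the `@@ -151,9 +152,9 @@` declarations hunk, `randomstats` is introduced without a comment, so a reader has to reach the later `fstat` code to learn that it stands in for the old O_NOFOLLOW protection. I would document it at the declaration, e.g. `/* fstat() result per opened device; a path whose (st_dev, st_ino) was already read is skipped */`. That comparison only prevents reading the same device twice; nothing in the lines visible here checks the file type, so a `S_ISCHR(st->st_mode)` test next to the `fstat` call may be worth adding if it is not done further down. RAND_poll starts and ends outside this hunk, and the following hunk is cut off on this page, so that last point is unverified.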