From: Todd C. Miller Date: Fri, 30 Jun 2017 00:11:30 +0000 (-0600) Subject: Use getentropy() in mkstemp/mkdtemp replacement. X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=c000189684e597fa648139fc9e60757b62c139e3;p=sudo Use getentropy() in mkstemp/mkdtemp replacement.
---
diff --git a/config.h.in b/config.h.in
index 0283f24c8..cfa9108e1 100644
--- a/config.h.in
+++ b/config.h.in
@@ -268,6 +268,9 @@ /* Define to 1 if you have the `getdomainname' function. */ #undef HAVE_GETDOMAINNAME +/* Define to 1 if you have the `getentropy' function. */ +#undef HAVE_GETENTROPY + /* Define to 1 if you have the `getgrouplist' function. */ #undef HAVE_GETGROUPLIST
diff --git a/configure b/configure
index 3631e71d7..4cc93c00b 100755
--- a/configure
+++ b/configure
@@ -20446,6 +20446,19 @@ _ACEOF fi done + if test X"$ac_cv_func_arc4random" != X"yes"; then + for ac_func in getentropy +do : + ac_fn_c_check_func "$LINENO" "getentropy" "ac_cv_func_getentropy" +if test "x$ac_cv_func_getentropy" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_GETENTROPY 1 +_ACEOF + +fi +done + + fi case " $LIBOBJS " in *" mktemp.$ac_objext "* ) ;; *) LIBOBJS="$LIBOBJS mktemp.$ac_objext"
diff --git a/configure.ac b/configure.ac
index c94af6724..07d794a56 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2689,6 +2689,9 @@ AC_CHECK_FUNCS([closefrom], [], [AC_LIBOBJ(closefrom)
 AC_CHECK_FUNCS([mkstemps mkdtemp], [], [break])
 if test X"$ac_cv_func_mkstemps$ac_cv_func_mkdtemp" != X"yesyes"; then
 AC_CHECK_FUNCS([arc4random random lrand48], [break])
+ if test X"$ac_cv_func_arc4random" != X"yes"; then
+ AC_CHECK_FUNCS([getentropy])
+ fi
 AC_LIBOBJ(mktemp)
 # If either mkdtemp() or mkstemps() is missing, replace both.
 SUDO_APPEND_COMPAT_EXP(sudo_mkdtemp sudo_mkstemps)
diff --git a/lib/util/mktemp.c b/lib/util/mktemp.c
index f5280bd29..bd5e0d4b6 100644
--- a/lib/util/mktemp.c
+++ b/lib/util/mktemp.c
@@ -81,6 +81,10 @@ seed_random(void)
 SEED_T seed;
 int fd;
+# ifdef HAVE_GETENTROPY
+ /* Not really an fd, just has to be -1 on error. */
+ fd = getentropy(&seed, sizeof(seed));
+# else
 /*
 * Seed from /dev/urandom if possible.
 */
@@ -95,7 +99,7 @@ seed_random(void)
 if (nread != (ssize_t)sizeof(seed))
 fd = -1;
 }
-
+# endif /* HAVE_GETENTROPY */
 /*
 * If no /dev/urandom, seed from time of day and process id
 * multiplied by small primes.
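Review bot: With HAVE_GETENTROPY defined, the `# else` added in the first mktemp.c hunk compiles the /dev/urandom read out of seed_random(), so a getentropy() failure at run time goes straight to the time-of-day and process-id seed described by the comment after `# endif` in the second hunk, and the temporary names presumably derived from that seed become much easier to predict. getentropy() can fail even where configure found it, for example with ENOSYS when the C library provides the wrapper but the running kernel lacks the underlying system call, so /dev/urandom is better kept as a second tier than as a compile-time alternative. The sketch below initialises `fd` to -1 and guards the existing open/read block with `if (fd == -1)`; that block and the rest of seed_random() lie outside the two hunks, so their exact shape is assumed. The fallback comment would then need to say that neither getentropy() nor /dev/urandom produced a seed, and a separately named status variable would read more clearly than reusing `fd`.

```c
    int fd = -1;

# ifdef HAVE_GETENTROPY
    /* Not really an fd, just has to be -1 on error. */
    fd = getentropy(&seed, sizeof(seed));
# endif /* HAVE_GETENTROPY */
    if (fd == -1) {
	/* getentropy() unavailable or failed: seed from /dev/urandom if possible. */
	/* … unchanged: open and read of /dev/urandom, leaving fd == -1 on failure … */
    }
    /* … unchanged: time-of-day and pid fallback, taken only when fd is still -1 … */
```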