@@ -0,0 +1,94 @@
+From:
+Subject: some NSS issues regarding getting random data
+ (like creating netstat zombies)
+References:
+https://bugzilla.mozilla.org/show_bug.cgi?id=51429
+
+Index: security/nss/lib/freebl/unix_rand.c
+===================================================================
+RCS file: /cvsroot/mozilla/security/nss/lib/freebl/unix_rand.c,v
+retrieving revision 1.17.10.7
+diff -u -p -6 -r1.17.10.7 unix_rand.c
+--- security/nss/lib/freebl/unix_rand.c 25 Jul 2007 23:18:55 -0000 1.17.10.7
++++ security/nss/lib/freebl/unix_rand.c 3 Dec 2007 18:56:48 -0000
+@@ -863,13 +863,14 @@ safe_pclose(FILE *fp)
+ /* yield the processor so the child gets some time to exit normally */
+ PR_Sleep(PR_INTERVAL_NO_WAIT);
+
+ /* if the child hasn't exited, kill it -- we're done with its output */
+ while ((rv = waitpid(pid, &status, WNOHANG)) == -1 && errno == EINTR)
+ ;
+- if (rv == 0 && kill(pid, SIGKILL) == 0) {
++ if (rv == 0) {
++ kill(pid, SIGKILL);
+ while ((rv = waitpid(pid, &status, 0)) == -1 && errno == EINTR)
+ ;
+ }
+
+ /* Reset SIGCHLD signal hander before returning */
+ sigaction(SIGCHLD, &oldact, NULL);
+@@ -918,21 +919,12 @@ void RNG_SystemInfoForRNG(void)
+ "/var/tmp",
+ "/usr/tmp",
+ 0
+ };
+ #endif
+
+-#ifdef DO_PS
+-For now it is considered that it is too expensive to run the ps command
+-for the small amount of entropy it provides.
+-#if defined(__sun) && (!defined(__svr4) && !defined(SVR4)) || defined(bsdi) || defined(LINUX)
+- static char ps_cmd[] = "ps aux";
+-#else
+- static char ps_cmd[] = "ps -el";
+-#endif
+-#endif /* DO_PS */
+ #if defined(BSDI)
+ static char netstat_ni_cmd[] = "netstat -nis";
+ #else
+ static char netstat_ni_cmd[] = "netstat -ni";
+ #endif
+
+@@ -977,15 +969,19 @@ for the small amount of entropy it provi
+
+ /*
+ * Bug 100447: On BSD/OS 4.2 and 4.3, we have problem calling safe_popen
+ * in a pthreads environment. Therefore, we call safe_popen last and on
+ * BSD/OS we do not call safe_popen when we succeeded in getting data
+ * from /dev/urandom.
++ *
++ * Bug 174993: On platforms providing /dev/urandom, don't fork netstat
++ * either, if data has been gathered successfully
+ */
+
+-#ifdef BSDI
++#if defined(BSDI) || defined(NETBSD) || defined(OPENBSD) \
++ || defined(FREEBSD) || defined(DARWIN) || defined(LINUX)
+ if (bytes)
+ return;
+ #endif
+
+ #ifdef SOLARIS
+
+@@ -1007,21 +1003,12 @@ for the small amount of entropy it provi
+ }
+ bytes += kstat_bytes;
+ PORT_Assert(bytes);
+ }
+ #endif
+
+-#ifdef DO_PS
+- fp = safe_popen(ps_cmd);
+- if (fp != NULL) {
+- while ((bytes = fread(buf, 1, sizeof(buf), fp)) > 0)
+- RNG_RandomUpdate(buf, bytes);
+- safe_pclose(fp);
+- }
+-#endif
+-
+ #ifdef DO_NETSTAT
+ fp = safe_popen(netstat_ni_cmd);
+ if (fp != NULL) {
+ while ((bytes = fread(buf, 1, sizeof(buf), fp)) > 0)
+ RNG_RandomUpdate(buf, bytes);
+ safe_pclose(fp);
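Review bot: In the safe_pclose hunk of the embedded patch, the result of `kill(pid, SIGKILL);` is now discarded and the blocking `waitpid(pid, &status, 0)` runs regardless. If the signal cannot be delivered (for example EPERM, should the child run with different credentials), the caller blocks for as long as the child keeps running. Reaping unconditionally does fix the zombie that the old `rv == 0 && kill(...) == 0` form left behind, but the blocking wait should only be taken when kill() succeeded, with a WNOHANG reap otherwise. If ignoring the result is deliberate, a comment such as `/* kill() result ignored on purpose: always reap to avoid a zombie */` would say so. The function starts before this hunk, so whether the pipe is already closed at this point (which would normally make the child exit on its own) cannot be confirmed from here. Separately, the widened `if (bytes) return;` guard in the third hunk treats any nonzero count as a successful /dev/urandom read. `bytes` is assigned outside the hunk, so it is worth confirming that a short read cannot skip the netstat fallback.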