File nss-random.patch of Package mozilla-nss (Revision 9)
From: Subject: some NSS issues regarding getting random data (like creating netstat zombies) References: https://bugzilla.mozilla.org/show_bug.cgi?id=51429 Index: security/nss/lib/freebl/unix_rand.c =================================================================== RCS file: /cvsroot/mozilla/security/nss/lib/freebl/unix_rand.c,v retrieving revision 1.17.10.7 diff -u -p -6 -r1.17.10.7 unix_rand.c --- security/nss/lib/freebl/unix_rand.c 25 Jul 2007 23:18:55 -0000 1.17.10.7 +++ security/nss/lib/freebl/unix_rand.c 3 Dec 2007 18:56:48 -0000 @@ -863,13 +863,14 @@ safe_pclose(FILE *fp) /* yield the processor so the child gets some time to exit normally */ PR_Sleep(PR_INTERVAL_NO_WAIT); /* if the child hasn't exited, kill it -- we're done with its output */ while ((rv = waitpid(pid, &status, WNOHANG)) == -1 && errno == EINTR) ; - if (rv == 0 && kill(pid, SIGKILL) == 0) { + if (rv == 0) { + kill(pid, SIGKILL); while ((rv = waitpid(pid, &status, 0)) == -1 && errno == EINTR) ; } /* Reset SIGCHLD signal hander before returning */ sigaction(SIGCHLD, &oldact, NULL); @@ -918,21 +919,12 @@ void RNG_SystemInfoForRNG(void) "/var/tmp", "/usr/tmp", 0 }; #endif -#ifdef DO_PS -For now it is considered that it is too expensive to run the ps command -for the small amount of entropy it provides. -#if defined(__sun) && (!defined(__svr4) && !defined(SVR4)) || defined(bsdi) || defined(LINUX) - static char ps_cmd[] = "ps aux"; -#else - static char ps_cmd[] = "ps -el"; -#endif -#endif /* DO_PS */ #if defined(BSDI) static char netstat_ni_cmd[] = "netstat -nis"; #else static char netstat_ni_cmd[] = "netstat -ni"; #endif 
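Review bot: In the safe_pclose hunk the result of `kill(pid, SIGKILL)` is now discarded and the blocking `waitpid(pid, &status, 0)` runs whenever the child is still alive, so if the signal cannot be delivered (possibly EPERM when the spawned command runs with different credentials) the caller waits until the child exits on its own. That trades the leftover zombie for a possible stall in the seeding path, which is probably intended but is not stated anywhere in the new code. I would make the intent explicit with `(void)kill(pid, SIGKILL); /* reap even if kill fails; the wait below blocks until the child exits */`. safe_pclose starts and ends outside the hunk, so whether anything else bounds that wait cannot be seen from here.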
@@ -977,15 +969,19 @@ for the small amount of entropy it provi /* * Bug 100447: On BSD/OS 4.2 and 4.3, we have problem calling safe_popen * in a pthreads environment. Therefore, we call safe_popen last and on * BSD/OS we do not call safe_popen when we succeeded in getting data * from /dev/urandom. + * + * Bug 174993: On platforms providing /dev/urandom, don't fork netstat + * either, if data has been gathered successfully */ -#ifdef BSDI +#if defined(BSDI) || defined(NETBSD) || defined(OPENBSD) \ + || defined(FREEBSD) || defined(DARWIN) || defined(LINUX) if (bytes) return; #endif #ifdef SOLARIS @@ -1007,21 +1003,12 @@ for the small amount of entropy it provi } bytes += kstat_bytes; PORT_Assert(bytes); } #endif -#ifdef DO_PS - fp = safe_popen(ps_cmd); - if (fp != NULL) { - while ((bytes = fread(buf, 1, sizeof(buf), fp)) > 0) - RNG_RandomUpdate(buf, bytes); - safe_pclose(fp); - } -#endif - #ifdef DO_NETSTAT fp = safe_popen(netstat_ni_cmd); if (fp != NULL) { while ((bytes = fread(buf, 1, sizeof(buf), fp)) > 0) RNG_RandomUpdate(buf, bytes); safe_pclose(fp);
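Review bot: The widened `#if` makes `if (bytes) return;` skip the netstat fallback on Linux, the BSDs and Darwin after any non-zero count, so a short read from /dev/urandom is treated the same as a full one. The assignment to `bytes` is outside the hunk, so I am assuming it holds the number of bytes obtained from /dev/urandom; if that is right, compare it with the amount that was requested, e.g. `if (bytes >= REQUESTED_SEED_BYTES) return;`, where REQUESTED_SEED_BYTES is a placeholder for whatever length the earlier read asked for. The new comment cites Bug 174993 while the patch header references bug 51429, and it would help to say in the comment how the two relate. RNG_SystemInfoForRNG starts and ends outside the hunk.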