| commit | 4b25a10a4d02c91ca3c5a2365e4e04d3f2c93f83 | |
| author | Michael Adam <obnox@samba.org> | |
| Tue, 5 Aug 2008 21:14:05 +0000 (5 23:14 +0200) | ||
| committer | Karolin Seeger <kseeger@samba.org> | |
| Mon, 11 Aug 2008 14:15:53 +0000 (11 16:15 +0200) | ||
| tree | 73c544bfe6b6535e76bc9336ddd248af37868bd4 | treesnapshot (tar.gz zip) |
| parent | 75a27ea6047d69d419ff8485a4df36f5f2b2a07e | commitdiff |
secrets: fix replacemend random seed generator (security issue).
This is a regression introduced by the change to dbwrap.
The replacement dbwrap_change_int32_atomic() does not
correctly mimic the behaviour of tdb_change_int32_atomic():
The intended behaviour is to use *oldval as an initial
value when the entry does not yet exist in the db and to
return the old value in *oldval.
The effect was that:
1. get_rand_seed() always returns sys_getpid() in *new_seed
instead of the incremented seed from the secrets.tdb.
2. the seed stored in the tdb is always starting at 0 instead
of sys_getpid() + 1 and incremented in subsequent calls.
In principle this is a security issue, but i think the danger is
low, since this is only used as a fallback when there is no useable
/dev/urandom, and this is at most called on startup or via
reinit_after_fork.
Michael
(cherry picked from commit bfc5d34a196f667276ce1e173821db478d01258b)
(cherry picked from commit c0e764d3878120e9612bbd847e581c6fd6c79532)
This is a regression introduced by the change to dbwrap.
The replacement dbwrap_change_int32_atomic() does not
correctly mimic the behaviour of tdb_change_int32_atomic():
The intended behaviour is to use *oldval as an initial
value when the entry does not yet exist in the db and to
return the old value in *oldval.
The effect was that:
1. get_rand_seed() always returns sys_getpid() in *new_seed
instead of the incremented seed from the secrets.tdb.
2. the seed stored in the tdb is always starting at 0 instead
of sys_getpid() + 1 and incremented in subsequent calls.
In principle this is a security issue, but i think the danger is
low, since this is only used as a fallback when there is no useable
/dev/urandom, and this is at most called on startup or via
reinit_after_fork.
Michael
(cherry picked from commit bfc5d34a196f667276ce1e173821db478d01258b)
(cherry picked from commit c0e764d3878120e9612bbd847e581c6fd6c79532)
| source/lib/dbwrap_util.c | diffblobblamehistory |