Fix randfile so it doesn't attempt to chmod and write entropy back to

devices. This caused people's /dev/arandom's to be permitted 600,
which causes rsa to fail to get random data, which results in all
kinds of fun with ssh :)

diff --git a/lib/libcrypto/rand/randfile.c b/lib/libcrypto/rand/randfile.c
index 4a994bf..c3a0c12 100644 (file)
--- a/lib/libcrypto/rand/randfile.c
+++ b/lib/libcrypto/rand/randfile.c
@@ -142,7 +142,20 @@ int RAND_write_file(const char *file)
        int i,ret=0,err=0;
        FILE *out = NULL;
        int n;
-       
+       struct stat sb;
+
+       i=stat(file,&sb);
+       if (i != -1) { 
+         if (sb.st_mode & (S_IFBLK | S_IFCHR)) {
+           /* this file is a device. we don't write back to it. 
+            * we "succeed" on the assumption this is some sort 
+            * of random device. Otherwise attempting to write to 
+            * and chmod the device causes problems.
+            */
+           return(1); 
+         }
+       }
+
 #if defined(O_CREAT) && defined(O_EXCL) && !defined(WIN32)
        /* For some reason Win32 can't write to files created this way */
 

diff --git a/lib/libssl/src/crypto/rand/randfile.c b/lib/libssl/src/crypto/rand/randfile.c
index 4a994bf..c3a0c12 100644 (file)
--- a/lib/libssl/src/crypto/rand/randfile.c
+++ b/lib/libssl/src/crypto/rand/randfile.c
@@ -142,7 +142,20 @@ int RAND_write_file(const char *file)
        int i,ret=0,err=0;
        FILE *out = NULL;
        int n;
-       
+       struct stat sb;
+
+       i=stat(file,&sb);
+       if (i != -1) { 
+         if (sb.st_mode & (S_IFBLK | S_IFCHR)) {
+           /* this file is a device. we don't write back to it. 
+            * we "succeed" on the assumption this is some sort 
+            * of random device. Otherwise attempting to write to 
+            * and chmod the device causes problems.
+            */
+           return(1); 
+         }
+       }
+
 #if defined(O_CREAT) && defined(O_EXCL) && !defined(WIN32)
        /* For some reason Win32 can't write to files created this way */