Fix strcpy/strcat abuse and fix stupid behaviour of the default
authorbeck <beck@openbsd.org>
Sun, 16 Apr 2000 23:50:12 +0000 (23:50 +0000)
committerbeck <beck@openbsd.org>
Sun, 16 Apr 2000 23:50:12 +0000 (23:50 +0000)
RAND_file_name - changed so that it stats the filename it returns
before returning it. If the file won't stat, return DEVRANDOM (for us
/dev/arandom) instead, thus making the default behaviour moderately
intelligent.

lib/libcrypto/rand/randfile.c
lib/libssl/src/crypto/rand/randfile.c

index c3a0c12..53a7566 100644 (file)
@@ -218,6 +218,7 @@ const char *RAND_file_name(char *buf, int size)
        {
        char *s;
        char *ret=NULL;
+       struct stat sb;
 
        s=getenv("RANDFILE");
        if (s != NULL)
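Review bot: `struct stat sb;` is declared unconditionally, but its only use visible in this commit is the `stat(ret,&sb)` call inside `#ifdef DEVRANDOM`, so a build without DEVRANDOM gets an unused local. Putting the declaration under the same `#ifdef DEVRANDOM` guard keeps the two in step. No `<sys/stat.h>` include is added in the visible hunks; the file presumably has it already, but that is worth confirming. The same applies to the identical hunk in lib/libssl/src/crypto/rand/randfile.c, and the function body continues outside this hunk.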
@@ -229,15 +230,31 @@ const char *RAND_file_name(char *buf, int size)
        else
                {
                s=getenv("HOME");
-               if (s == NULL) return(RFILE);
-               if (((int)(strlen(s)+strlen(RFILE)+2)) > size)
-                       return(RFILE);
-               strcpy(buf,s);
+               if (s == NULL) 
+                 ret = RFILE;
+               if (((int)(strlen(s)+strlen(RFILE)+2)) > size) 
+                       ret=RFILE;
+               else 
+                       {
+                        strlcpy(buf,s,size);
 #ifndef VMS
-               strcat(buf,"/");
+                        strcat(buf,"/");
 #endif
-               strcat(buf,RFILE);
-               ret=buf;
+                        strlcat(buf,RFILE,size);
+                        ret=buf;
+                       }
                }
+#ifdef DEVRANDOM
+       /* given that all random loads just fail if the file can't be 
+        * seen on a stat, we stat the file we're returning, if it
+        * fails, use DEVRANDOM instead. the allows the user to 
+        * use their own source for good random data, but defaults
+        * to something hopefully decent if that isn't available. 
+        */
+
+       if (stat(ret,&sb) == -1)
+         ret = DEVRANDOM;
+#endif
        return(ret);
        }
+
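Review bot: With HOME unset, the new `if (s == NULL) ret = RFILE;` no longer returns, so the `strlen(s)` on the next line dereferences NULL; the old code returned before reaching it. Chaining the second test restores the guard: `else if (((int)(strlen(s)+strlen(RFILE)+2)) > size)`. The `strcat(buf,"/")` kept under `#ifndef VMS` is still unbounded and is safe only because of that length check, so `strlcat(buf,"/",size)` would match the neighbouring calls. Separately, any `stat` failure now makes the function return DEVRANDOM, so a caller that writes seed data to the returned name would presumably target the device instead of a seed file, which is worth confirming against the callers. The identical hunk in lib/libssl/src/crypto/rand/randfile.c has the same issues, and the function starts outside the hunk.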
index c3a0c12..53a7566 100644 (file)
@@ -218,6 +218,7 @@ const char *RAND_file_name(char *buf, int size)
        {
        char *s;
        char *ret=NULL;
+       struct stat sb;
 
        s=getenv("RANDFILE");
        if (s != NULL)
@@ -229,15 +230,31 @@ const char *RAND_file_name(char *buf, int size)
        else
                {
                s=getenv("HOME");
-               if (s == NULL) return(RFILE);
-               if (((int)(strlen(s)+strlen(RFILE)+2)) > size)
-                       return(RFILE);
-               strcpy(buf,s);
+               if (s == NULL) 
+                 ret = RFILE;
+               if (((int)(strlen(s)+strlen(RFILE)+2)) > size) 
+                       ret=RFILE;
+               else 
+                       {
+                        strlcpy(buf,s,size);
 #ifndef VMS
-               strcat(buf,"/");
+                        strcat(buf,"/");
 #endif
-               strcat(buf,RFILE);
-               ret=buf;
+                        strlcat(buf,RFILE,size);
+                        ret=buf;
+                       }
                }
+#ifdef DEVRANDOM
+       /* given that all random loads just fail if the file can't be 
+        * seen on a stat, we stat the file we're returning, if it
+        * fails, use DEVRANDOM instead. the allows the user to 
+        * use their own source for good random data, but defaults
+        * to something hopefully decent if that isn't available. 
+        */
+
+       if (stat(ret,&sb) == -1)
+         ret = DEVRANDOM;
+#endif
        return(ret);
        }
+