!5 替换不安全函数/dev/urandom

From: @hwx1054416 Reviewed-by: @zengwefeng,@wangxp006 Signed-off-by: @zengwefeng,@wangxp006
2021-08-25 11:48:09 +00:00 · 2021-08-25 11:48:09 +00:00 · c9e08e7d11
commit c9e08e7d11
parent 126175c886 5a8ab21e71
2 changed files with 66 additions and 4 deletions
--- a/huawei-replace-random-with-RAND_priv_bytes.patch
+++ b/huawei-replace-random-with-RAND_priv_bytes.patch
@ -0,0 +1,55 @@
+From 43974c5f3054c152cc424b16684829c19ae8dd6a Mon Sep 17 00:00:00 2001
+From: hwx1054416 <heyaohua1@huawei.com>
+Date: Wed, 25 Aug 2021 17:35:39 +0800
+Subject: [PATCH] replace random with RAND_priv_bytes
+
+---
+ src/yppasswd.c | 15 +++++++++++++--
+ 1 file changed, 13 insertions(+), 2 deletions(-)
+
+diff --git a/src/yppasswd.c b/src/yppasswd.c
+index 04d041b..15b25e3 100644
+--- a/src/yppasswd.c
+++ b/src/yppasswd.c
+@@ -44,6 +44,7 @@
+ #include <rpcsvc/yp_prot.h>
+ #include <rpcsvc/ypclnt.h>
+ #include <rpcsvc/yppasswd.h>
+#include <openssl/rand.h>
+ 
+ #ifndef _
+ #define _(String) gettext (String)
+@@ -517,10 +518,11 @@ create_random_salt (char *salt, int num_chars)
+ {
+   int fd;
+   unsigned char c;
+  unsigned char buf;
+   int i;
+   int res;
+ 
+-  fd = open ("/dev/urandom", O_RDONLY);
+  fd = open ("/dev/random", O_RDONLY);
+ 
+   for (i = 0; i < num_chars; i++)
+     {
+@@ -529,7 +531,16 @@ create_random_salt (char *salt, int num_chars)
+         res = read (fd, &c, 1);
+ 
+       if (res != 1)
+-        c = random ();
+        {
+             while (!RAND_status ())
+                  RAND_seed (&buf, sizeof (buf));
+             if (RAND_priv_bytes (&buf, sizeof (buf)) != 1)
+               {
+                    printf ( _("Failed to generate a number.\n"));
+                    break;
+               }
+             c = buf;
+        }
+ 
+       salt[i] = bin_to_ascii (c & 0x3f);
+     }
+-- 
+1.8.3.1
+
--- a/yp-tools.spec
+++ b/yp-tools.spec
@ -2,7 +2,7 @@

 Name:		yp-tools
 Version:	4.2.3
-Release:        6
+Release:        7
 Summary:	Network Information Service (YP) client utilities
 License:	GPLv2
 URL:		https://github.com/thkukuk/yp-tools
@ -11,10 +11,11 @@ Patch0: 	yp-tools-2.12-hash.patch
 Patch1: 	yp-tools-2.12-crypt.patch
 Patch2: 	yp-tools-2.12-adjunct.patch
 Patch3: 	yp-tools-4.2.2-strict-prototypes.patch
+Patch9000:      huawei-replace-random-with-RAND_priv_bytes.patch

 BuildRequires:	autoconf automake libtool
-BuildRequires:  gettext-devel libtirpc-devel libnsl2-devel
-Requires:	ypbind >= 3:2.4-2 glibc
+BuildRequires:  gettext-devel libtirpc-devel libnsl2-devel openssl-devel
+Requires:	ypbind >= 3:2.4-2 glibc openssl-libs

 %description
 This package provides NIS client programs.NIS,Network Information
@ -34,7 +35,7 @@ The help package contains doc files for yp-tools.
 autoreconf -ifv

 %build
-export CFLAGS="$CFLAGS %{optflags} -Wno-cast-function-type"
+export CFLAGS="$CFLAGS %{optflags} -Wno-cast-function-type -lcrypto"
 %configure --disable-domainname
 %make_build

@ -54,6 +55,12 @@ export CFLAGS="$CFLAGS %{optflags} -Wno-cast-function-type"
 %{_mandir}/*/*

 %changelog
+* Wed Aug 25 2021 heyaohua<heyaohua1@huawei.com> - 4.2.3-7
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:replace random with RAND_priv_bytes
+
 * Fri Jul 30 2021 chenyanpanHW <chenyanpan@huawei.com> - 4.2.3-6
 - DESC: delete -S git from %autosetup, and delete BuildRequires git