[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

Andy Polyakov appro at openssl.org
Wed Sep 21 19:10:38 UTC 2016


The branch OpenSSL_1_1_0-stable has been updated
       via  e7498968e229a4ec27702a3703826873a279a07b (commit)
       via  13af417ba4f6b826833d4b1f6caa39c4e0013d6f (commit)
       via  098dc9be439e5bc3625e01c4092bedc072498da9 (commit)
      from  7b368cd6d964da817cd1de85fc0cae74372e0966 (commit)


- Log -----------------------------------------------------------------
commit e7498968e229a4ec27702a3703826873a279a07b
Author: Andy Polyakov <appro at openssl.org>
Date:   Tue Sep 20 17:08:03 2016 +0200

    rand/randfile.c: treat empty string in RAND_file_name as error.
    
    Suggested in GH#1589.
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (cherry picked from commit 7dc0ad4d6dca81a003be7fa1fbd58a55f4be8646)

commit 13af417ba4f6b826833d4b1f6caa39c4e0013d6f
Author: Andy Polyakov <appro at openssl.org>
Date:   Tue Sep 20 17:06:58 2016 +0200

    rand/randfile.c: rationalize __OpenBSD__ code path.
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (cherry picked from commit ba8fa4e53a35a0c46d1e0e81a4d270a026fac2b9)

commit 098dc9be439e5bc3625e01c4092bedc072498da9
Author: Andy Polyakov <appro at openssl.org>
Date:   Tue Sep 20 16:59:32 2016 +0200

    rand/randfile.c: restore fallback to $HOME for non-setuid programs.
    
    Reported in GH#1589, but solution is different from suggested.
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (cherry picked from commit 799c1293fcf412db64dcc8a09a6b11cc755914dc)

-----------------------------------------------------------------------

Summary of changes:
 crypto/rand/randfile.c | 18 ++++++++----------
 1 file changed, 8 insertions(+), 10 deletions(-)

diff --git a/crypto/rand/randfile.c b/crypto/rand/randfile.c
index 7aeb871..c96383a 100644
--- a/crypto/rand/randfile.c
+++ b/crypto/rand/randfile.c
@@ -316,12 +316,14 @@ const char *RAND_file_name(char *buf, size_t size)
         }
     }
 #else
-    if (OPENSSL_issetugid() == 0) {
-        s = getenv("RANDFILE");
-    } else {
+    if (OPENSSL_issetugid() != 0) {
         use_randfile = 0;
-        if (OPENSSL_issetugid() == 0)
+    } else {
+        s = getenv("RANDFILE");
+        if (s == NULL || *s == '\0') {
+            use_randfile = 0;
             s = getenv("HOME");
+        }
     }
 #endif
 #ifdef DEFAULT_HOME
@@ -355,14 +357,10 @@ const char *RAND_file_name(char *buf, size_t size)
      * available.
      */
 
-    if (!buf[0])
-        if (OPENSSL_strlcpy(buf, "/dev/arandom", size) >= size) {
-            return NULL;
-        }
-    if (stat(buf, &sb) == -1)
+    if (!buf[0] || stat(buf, &sb) == -1)
         if (OPENSSL_strlcpy(buf, "/dev/arandom", size) >= size) {
             return NULL;
         }
 #endif
-    return buf;
+    return buf[0] ? buf : NULL;
 }


More information about the openssl-commits mailing list