sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-07-05 04:59:08 +03:00
Code Activity

secrets: fix replacemend random seed generator (security issue).

Browse Source 
This is a regression introduced by the change to dbwrap.
The replacement dbwrap_change_int32_atomic() does not
correctly mimic the behaviour of tdb_change_int32_atomic():
The intended behaviour is to use *oldval  as an initial
value when the entry does not yet exist in the db and to
return the old value in *oldval.

The effect was that:
1. get_rand_seed() always returns sys_getpid() in *new_seed
   instead of the incremented seed from the secrets.tdb.
2. the seed stored in the tdb is always starting at 0 instead
   of sys_getpid() + 1 and incremented in subsequent calls.

In principle this is a security issue, but i think the danger is
low, since this is only used as a fallback when there is no useable
/dev/urandom, and this is at most called on startup or via
reinit_after_fork.

Michael
(This used to be commit bfc5d34a19)
This commit is contained in:
Michael Adam
2008-08-05 23:14:05 +02:00
parent 149e1ae25a
commit 4c5752d40f
1 changed files with 6 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
source3/lib/dbwrap_util.c
View File

@ -150,9 +150,13 @@ int32 dbwrap_change_int32_atomic(struct db_context *db, const char *keystr,
return -1;
}
if ((rec->value.dptr != NULL)
&& (rec->value.dsize == sizeof(val))) {
if (rec->value.dptr == NULL) {
val = *oldval;
} else if (rec->value.dsize == sizeof(val)) {
val = IVAL(rec->value.dptr, 0);
*oldval = val;
} else {
return -1;
}
val += change_val;