Index: /trunk/Makefile.in =================================================================== --- /trunk/Makefile.in (revision 146) +++ /trunk/Makefile.in (revision 147) @@ -1650,5 +1650,5 @@ sh_mail.o: $(srcsrc)/sh_mail.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_unix.h $(srcinc)/sh_tiger.h $(srcinc)/sh_mail.h $(srcinc)/sh_utils.h $(srcinc)/sh_fifo.h $(srcinc)/sh_tools.h $(srcinc)/sh_pthread.h $(srcinc)/sh_static.h $(srcinc)/sh_tools.h sh_mem.o: $(srcsrc)/sh_mem.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_utils.h $(srcinc)/sh_mem.h $(srcinc)/sh_pthread.h -sh_entropy.o: $(srcsrc)/sh_entropy.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_tiger.h $(srcinc)/sh_calls.h $(srcinc)/sh_pthread.h $(srcinc)/sh_static.h $(srcinc)/sh_pthread.h +sh_entropy.o: $(srcsrc)/sh_entropy.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_tiger.h $(srcinc)/sh_calls.h $(srcinc)/sh_pthread.h $(srcinc)/sh_static.h $(srcinc)/sh_pthread.h $(srcinc)/CuTest.h sh_forward.o: $(srcsrc)/sh_forward.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_tiger.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_forward.h $(srcinc)/sh_srp.h $(srcinc)/sh_fifo.h $(srcinc)/sh_tools.h $(srcinc)/sh_entropy.h $(srcinc)/sh_html.h $(srcinc)/sh_mail.h $(srcinc)/sh_socket.h $(srcinc)/sh_static.h $(srcinc)/rijndael-api-fst.h $(srcinc)/sh_readconf.h $(srcinc)/zAVLTree.h $(srcinc)/sh_extern.h sh_modules.o: $(srcsrc)/sh_modules.c Makefile config_xor.h $(srcinc)/sh_modules.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utmp.h $(srcinc)/sh_mounts.h $(srcinc)/sh_userfiles.h $(srcinc)/sh_kern.h $(srcinc)/sh_suidchk.h $(srcinc)/sh_processcheck.h $(srcinc)/sh_portcheck.h Index: /trunk/configure.ac =================================================================== --- /trunk/configure.ac (revision 146) +++ /trunk/configure.ac (revision 147) @@ -13,5 +13,5 @@ dnl start dnl -AM_INIT_AUTOMAKE(samhain, 2.4.0a) +AM_INIT_AUTOMAKE(samhain, 2.4.1) AC_CANONICAL_HOST Index: /trunk/depend.dep =================================================================== --- /trunk/depend.dep (revision 146) +++ /trunk/depend.dep (revision 147) @@ -16,5 +16,5 @@ sh_mail.o: $(srcsrc)/sh_mail.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_unix.h $(srcinc)/sh_tiger.h $(srcinc)/sh_mail.h $(srcinc)/sh_utils.h $(srcinc)/sh_fifo.h $(srcinc)/sh_tools.h $(srcinc)/sh_pthread.h $(srcinc)/sh_static.h $(srcinc)/sh_tools.h sh_mem.o: $(srcsrc)/sh_mem.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_utils.h $(srcinc)/sh_mem.h $(srcinc)/sh_pthread.h -sh_entropy.o: $(srcsrc)/sh_entropy.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_tiger.h $(srcinc)/sh_calls.h $(srcinc)/sh_pthread.h $(srcinc)/sh_static.h $(srcinc)/sh_pthread.h +sh_entropy.o: $(srcsrc)/sh_entropy.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_tiger.h $(srcinc)/sh_calls.h $(srcinc)/sh_pthread.h $(srcinc)/sh_static.h $(srcinc)/sh_pthread.h $(srcinc)/CuTest.h sh_forward.o: $(srcsrc)/sh_forward.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_tiger.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_forward.h $(srcinc)/sh_srp.h $(srcinc)/sh_fifo.h $(srcinc)/sh_tools.h $(srcinc)/sh_entropy.h $(srcinc)/sh_html.h $(srcinc)/sh_mail.h $(srcinc)/sh_socket.h $(srcinc)/sh_static.h $(srcinc)/rijndael-api-fst.h $(srcinc)/sh_readconf.h $(srcinc)/zAVLTree.h $(srcinc)/sh_extern.h sh_modules.o: $(srcsrc)/sh_modules.c Makefile config_xor.h $(srcinc)/sh_modules.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utmp.h $(srcinc)/sh_mounts.h $(srcinc)/sh_userfiles.h $(srcinc)/sh_kern.h $(srcinc)/sh_suidchk.h $(srcinc)/sh_processcheck.h $(srcinc)/sh_portcheck.h Index: /trunk/depend.sum =================================================================== --- /trunk/depend.sum (revision 146) +++ /trunk/depend.sum (revision 147) @@ -1,1 +1,1 @@ - +1541314115 Index: /trunk/docs/Changelog =================================================================== --- /trunk/docs/Changelog (revision 146) +++ /trunk/docs/Changelog (revision 147) @@ -1,3 +1,6 @@ 2.4.1: + * security fix: regression in the seeding routine for the PRNG + (detected by C. Mueller) + * regression test added for PRNG seeding routine * fix problem with PCI ROM check (spurious messages about modified timestamps, reported by S. Clormann) Index: /trunk/src/sh_entropy.c =================================================================== --- /trunk/src/sh_entropy.c (revision 146) +++ /trunk/src/sh_entropy.c (revision 147) @@ -295,5 +295,5 @@ if (0 == sh_unix_device_readable(fd2)) { - m_count = sl_read_timeout_fd(fd2, &nbuf, nbytes, + m_count = sl_read_timeout_fd(fd2, nbuf, nbytes, timeout_val, SL_FALSE); if (m_count < 0) @@ -387,4 +387,5 @@ SH_MUTEX_UNLOCK_UNSAFE(mutex_skey); memset (keybuf, '\0', KEY_BYT); + memset (kbuf, '\0', sizeof(kbuf)); SL_RETURN(0, _("sh_entropy")); @@ -960,8 +961,32 @@ #endif - - - - - - +#ifdef SH_CUTEST +#include "CuTest.h" + +void Test_entropy (CuTest *tc) +{ + char bufx[9 * sizeof(UINT32) + 1]; + char bufy[9 * sizeof(UINT32) + 1]; + int status; + + memset(skey->poolv, '\0', KEY_BYT); + + status = sh_entropy (24, bufx); + CuAssertTrue(tc, 0 == status); + + memset(skey->poolv, '\0', KEY_BYT); + + status = sh_entropy (24, bufy); + CuAssertTrue(tc, 0 == status); + + CuAssertTrue(tc, 0 != memcmp(bufx, bufy, 24)); +} +#endif + + + + + + + + Index: /trunk/test/testcompile.sh =================================================================== --- /trunk/test/testcompile.sh (revision 146) +++ /trunk/test/testcompile.sh (revision 147) @@ -414,11 +414,11 @@ # test standalone compilation # - TEST="${S}standalone w/o mail${E}" - # - if test -r "Makefile"; then - $MAKE clean - fi - # - ${TOP_SRCDIR}/configure --quiet --disable-mail --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test > /dev/null 2>> test_log + TEST="${S}standalone w/o mail w/unix_rnd${E}" + # + if test -r "Makefile"; then + $MAKE clean + fi + # + ${TOP_SRCDIR}/configure --quiet --disable-mail --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test --with-rnd=unix > /dev/null 2>> test_log # let "num = num + 1" >/dev/null