exim arc4random patches

[Renaud Allard]

Hello,




Regards

Index: mail/exim//patches/patch-src_deliver_c
===================================================================
RCS file: mail/exim//patches/patch-src_deliver_c
diff -N mail/exim//patches/patch-src_deliver_c
--- /dev/null	1 Jan 1970 00:00:00 -0000
+++ mail/exim//patches/patch-src_deliver_c	17 Apr 2018 09:11:29 -0000
@@ -0,0 +1,29 @@
+--- src/deliver.c.orig	Tue Apr 17 10:49:10 2018
++++ src/deliver.c	Tue Apr 17 10:45:34 2018
+@@ -7277,7 +7277,7 @@
+       debug_printf("sending error message to: %s\n", sender_address);
+ 
+     /* build unique id for MIME boundary */
+-    bound = string_sprintf(TIME_T_FMT "-eximdsn-%d", time(NULL), rand());
++    bound = string_sprintf(TIME_T_FMT "-eximdsn-%d", time(NULL), arc4random());
+     DEBUG(D_deliver) debug_printf("DSN: MIME boundary: %s\n", bound);
+ 
+     if (errors_reply_to)
+@@ -7528,7 +7528,7 @@
+       fprintf(f, "To: %s\n", bounce_recipient);
+ 
+       /* generate boundary string and output MIME-Headers */
+-      bound = string_sprintf(TIME_T_FMT "-eximdsn-%d", time(NULL), rand());
++      bound = string_sprintf(TIME_T_FMT "-eximdsn-%d", time(NULL), arc4random());
+ 
+       fprintf(f, "Content-Type: multipart/report;"
+ 	    " report-type=delivery-status; boundary=%s\n"
+@@ -8148,7 +8148,7 @@
+         fprintf(f, "To: %s\n", recipients);
+ 
+         /* generated boundary string and output MIME-Headers */
+-        bound = string_sprintf(TIME_T_FMT "-eximdsn-%d", time(NULL), rand());
++        bound = string_sprintf(TIME_T_FMT "-eximdsn-%d", time(NULL), arc4random());
+ 
+         fprintf(f, "Content-Type: multipart/report;"
+ 	    " report-type=delivery-status; boundary=%s\n"
Index: mail/exim//patches/patch-src_spam_c
===================================================================
RCS file: mail/exim//patches/patch-src_spam_c
diff -N mail/exim//patches/patch-src_spam_c
--- /dev/null	1 Jan 1970 00:00:00 -0000
+++ mail/exim//patches/patch-src_spam_c	17 Apr 2018 09:11:29 -0000
@@ -0,0 +1,33 @@
+--- src/spam.c.orig	Tue Apr 17 10:56:03 2018
++++ src/spam.c	Tue Apr 17 10:56:44 2018
+@@ -139,21 +139,11 @@
+ spamd_address_container * sd;
+ long rnd, weights;
+ unsigned pri;
+-static BOOL srandomed = FALSE;
+ 
+ /* speedup, if we have only 1 server */
+ if (num_servers == 1)
+   return (spamds[0]->is_failed ? -1 : 0);
+ 
+-/* init ranmod */
+-if (!srandomed)
+-  {
+-  struct timeval tv;
+-  gettimeofday(&tv, NULL);
+-  srandom((unsigned int)(tv.tv_usec/1000));
+-  srandomed = TRUE;
+-  }
+-
+ /* scan for highest pri */
+ for (pri = 0, i = 0; i < num_servers; i++)
+   {
+@@ -170,7 +160,7 @@
+ if (weights == 0)	/* all servers failed */
+   return -1;
+ 
+-for (rnd = random() % weights, i = 0; i < num_servers; i++)
++for (rnd = arc4random() % weights, i = 0; i < num_servers; i++)
+   {
+   sd = spamds[i];
+   if (!sd->is_failed && sd->priority == pri)
Index: mail/exim//patches/patch-src_transports_smtp_socks_c
===================================================================
RCS file: mail/exim//patches/patch-src_transports_smtp_socks_c
diff -N mail/exim//patches/patch-src_transports_smtp_socks_c
--- /dev/null	1 Jan 1970 00:00:00 -0000
+++ mail/exim//patches/patch-src_transports_smtp_socks_c	17 Apr 2018 09:11:29 -0000
@@ -0,0 +1,32 @@
+--- src/transports/smtp_socks.c.orig	Tue Apr 17 10:50:46 2018
++++ src/transports/smtp_socks.c	Tue Apr 17 10:51:19 2018
+@@ -161,20 +161,10 @@
+ socks_opts * lim = &proxies[nproxies];
+ long rnd, weights;
+ unsigned pri;
+-static BOOL srandomed = FALSE;
+ 
+ if (nproxies == 1)		/* shortcut, if we have only 1 server */
+   return (proxies[0].is_failed ? -1 : 0);
+ 
+-/* init random */
+-if (!srandomed)
+-  {
+-  struct timeval tv;
+-  gettimeofday(&tv, NULL);
+-  srandom((unsigned int)(tv.tv_usec/1000));
+-  srandomed = TRUE;
+-  }
+-
+ /* scan for highest pri */
+ for (pri = 0, sd = proxies; sd < lim; sd++)
+   if (!sd->is_failed && sd->priority > pri)
+@@ -187,7 +177,7 @@
+ if (weights == 0)       /* all servers failed */
+   return -1;
+ 
+-for (rnd = random() % weights, i = 0; i < nproxies; i++)
++for (rnd = arc4random() % weights, i = 0; i < nproxies; i++)
+   {
+   sd = &proxies[i];
+   if (!sd->is_failed && sd->priority == pri)

This patch for exim replaces all calls to rand() and random() to the secure OpenBSD version, making the compiler less unhappy. After a discussion with one of the exim devs, this change would not have been accepted in mainstream exim because there is no "need" to use a crypto secure algorithm each time. But we do that anyway on OpenBSD, so here it makes sense.

smime.p7s
Description: S/MIME Cryptographic Signature