Hello tech@,
Here is a minor diff to do a little more strict checking on the device
id for urandom. It would be a shame if someone replaced a genuine
urandom with a /dev/null or some other predictable device.
If a file is not special, st_rdev will be 0, so S_ISCHR isn't needed anymore.
Sincerely,
Martijn van Duren
Index: getentropy_linux.c
===================================================================
RCS file: /cvs/src/lib/libcrypto/crypto/getentropy_linux.c,v
retrieving revision 1.13
diff -u -p -u -r1.13 getentropy_linux.c
--- getentropy_linux.c 25 Jun 2014 17:04:18 -0000 1.13
+++ getentropy_linux.c 25 Jun 2014 19:09:08 -0000
@@ -197,7 +197,8 @@ start:
#endif
/* Lightly verify that the device node looks sane */
- if (fstat(fd, &st) == -1 || !S_ISCHR(st.st_mode)) {
+ if (fstat(fd, &st) == -1 || major(st.st_rdev) != 1 ||
+ minor(st.st_rdev) != 9) {
close(fd);
goto nodevrandom;
}
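Review bot: Dropping !S_ISCHR(st.st_mode) from the fstat() condition loses the node-type check. st_rdev carries only the major and minor numbers, so a block special file numbered 1,9 passes the new test exactly as the character device does. A file with st_rdev of 0 is rejected, but that covers only non-special files. Suggest keeping the S_ISCHR test and adding the major/minor comparison to it rather than replacing it. The literals 1 and 9 are also unexplained in the hunk; extending the "Lightly verify" comment to say they are the expected urandom device numbers on Linux would help the next reader.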