Site Navigation

Date:      Sat, 3 Mar 2001 15:00:49 -0800
From:      Kris Kennaway <kris@obsecurity.org>
To:        audit@FreeBSD.org
Subject:   rand() patches
Message-ID:  <20010303150049.A33806@mollari.cthul.hu>

---

next in thread | raw e-mail | index | archive | help

---

--2oS5YaxWCcQjTEyO
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Please review the following patches which replace all uses of rand()
(and one of random() which I came across) with stronger variants.
Even the "fixed" version of rand() in -current is too weak (because of
interface constraints with rand_r()) to be used here.

Kris

Index: bin/ed/cbc.c
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
RCS file: /mnt/ncvs/src/bin/ed/cbc.c,v
retrieving revision 1.12
diff -u -r1.12 cbc.c
--- bin/ed/cbc.c	1999/08/27 23:14:12	1.12
+++ bin/ed/cbc.c	2001/02/27 18:38:17
@@ -57,12 +57,6 @@
=20
=20
 /*
- * Define a divisor for rand() that yields a uniform distribution in the
- * range 0-255.
- */
-#define	RAND_DIV (((unsigned) RAND_MAX + 1) >> 8)
-
-/*
  * BSD and System V systems offer special library calls that do
  * block move_liness and fills, so if possible we take advantage of them
  */
@@ -125,9 +119,8 @@
 	MEMZERO(ivec, 8);
=20
 	/* initialize the padding vector */
-	srand((unsigned) time((time_t *) 0));
 	for (i =3D 0; i < 8; i++)
-		CHAR(pvec, i) =3D (char) (rand()/RAND_DIV);
+		CHAR(pvec, i) =3D (char) (arc4random() % 256);
 #endif
 }
=20
Index: contrib/opie/libopie/newseed.c
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
RCS file: /mnt/ncvs/src/contrib/opie/libopie/newseed.c,v
retrieving revision 1.3
diff -u -r1.3 newseed.c
--- contrib/opie/libopie/newseed.c	2000/04/10 11:18:54	1.3
+++ contrib/opie/libopie/newseed.c	2001/02/27 18:15:19
@@ -16,6 +16,9 @@
 */
=20
 #include "opie_cfg.h"
+#if HAVE_STDLIB_H
+#include <stdlib.h>
+#endif /* HAVE_STDLIB_H */
 #if HAVE_TIME_H
 #include <time.h>
 #endif /* HAVE_TIME_H */
@@ -84,12 +87,6 @@
=20
   {
     {
-    time_t now;
-    time(&now);
-    srand(now);
-    }
-
-    {
     struct utsname utsname;
=20
     if (uname(&utsname) < 0) {
@@ -101,7 +98,7 @@
     }
     utsname.nodename[2] =3D 0;
=20
-    sprintf(seed, "%s%04d", utsname.nodename, (rand() % 9999) + 1);
+    sprintf(seed, "%s%04d", utsname.nodename, (arc4random() % 9999) + 1);
     return 0;
     }
   }
Index: contrib/opie/libopie/randomchallenge.c
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
RCS file: /mnt/ncvs/src/contrib/opie/libopie/randomchallenge.c,v
retrieving revision 1.1.1.3
diff -u -r1.1.1.3 randomchallenge.c
--- contrib/opie/libopie/randomchallenge.c	2000/04/10 11:09:41	1.1.1.3
+++ contrib/opie/libopie/randomchallenge.c	2001/02/27 18:16:48
@@ -25,6 +25,9 @@
         Created at NRL for OPIE 2.2 from opiesubr2.c
 */
=20
+#if HAVE_STDLIB_H
+#include <stdlib.h>
+#endif /* HAVE_STDLIB_H */
 #include "opie_cfg.h"
 #include "opie.h"
=20
@@ -41,5 +44,5 @@
   if (opienewseed(buf))
     strcpy(buf, "ke4452");
=20
-  sprintf(prompt, "otp-%s %d %s ext", algids[MDX], (rand() % 499) + 1, buf=
);
+  sprintf(prompt, "otp-%s %d %s ext", algids[MDX], (arc4random() % 499) + =
1, buf);
 }
Index: usr.bin/newkey/generic.c
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
RCS file: /mnt/ncvs/src/usr.bin/newkey/generic.c,v
retrieving revision 1.3
diff -u -r1.3 generic.c
--- usr.bin/newkey/generic.c	1999/08/28 01:04:33	1.3
+++ usr.bin/newkey/generic.c	2001/02/27 18:26:42
@@ -57,18 +57,9 @@
 	unsigned char *pass;
 {
 	int i;
-	int rseed;
-	struct timeval tv;
=20
-	(void)gettimeofday(&tv, (struct timezone *)NULL);
-	rseed =3D tv.tv_sec + tv.tv_usec;
-	for (i =3D 0; i < 8; i++) {
-		rseed ^=3D (rseed << 8) | pass[i];
-	}
-	srand(rseed);
-
 	for (i =3D 0; i < seedsize; i++) {
-		seed[i] =3D (rand() & 0xff) ^ pass[i % 8];
+		seed[i] =3D (arc4random() & 0xff) ^ pass[i % 8];
 	}
 }
=20
Index: usr.sbin/pw/pw_user.c
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
RCS file: /mnt/ncvs/src/usr.sbin/pw/pw_user.c,v
retrieving revision 1.44
diff -u -r1.44 pw_user.c
--- usr.sbin/pw/pw_user.c	2000/12/29 18:04:49	1.44
+++ usr.sbin/pw/pw_user.c	2001/02/27 19:05:05
@@ -55,7 +55,6 @@
 #define LOGNAMESIZE (MAXLOGNAME-1)
 #endif
=20
-static          int randinit;
 static		char locked_str[] =3D "*LOCKED*";
=20
 static int      print_user(struct passwd * pwd, int pretty, int v7);
@@ -1013,16 +1012,8 @@
 	/*
 	 * Calculate a salt value
 	 */
-	if (!randinit) {
-		randinit =3D 1;
-#ifdef __FreeBSD__
-		srandomdev();
-#else
-		srandom((unsigned long) (time(NULL) ^ getpid()));
-#endif
-	}
 	for (i =3D 0; i < 8; i++)
-		salt[i] =3D chars[random() % 63];
+		salt[i] =3D chars[arc4random() % 63];
 	salt[i] =3D '\0';
=20
 	return strcpy(buf, crypt(password, salt));
@@ -1086,15 +1077,7 @@
=20
 	switch (cnf->default_password) {
 	case -1:		/* Random password */
-		if (!randinit) {
-			randinit =3D 1;
-#ifdef __FreeBSD__
-			srandomdev();
-#else
-			srandom((unsigned long) (time(NULL) ^ getpid()));
-#endif
-		}
-		l =3D (random() % 8 + 8);	/* 8 - 16 chars */
+		l =3D (arc4random() % 8 + 8);	/* 8 - 16 chars */
 		pw_getrand(rndbuf, l);
 		for (i =3D 0; i < l; i++)
 			pwbuf[i] =3D chars[rndbuf[i] % (sizeof(chars)-1)];




--2oS5YaxWCcQjTEyO
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE6oXehWry0BWjoQKURAkCMAKDNLq+JHgc4pDinfX0uLAMzOdcpVACgsqvB
myoUVfNBLywOchUtN8R1GFk=
=D+tQ
-----END PGP SIGNATURE-----

--2oS5YaxWCcQjTEyO--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message

---

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010303150049.A33806>

Legal Notices | © 1995-2024 The FreeBSD Project. All rights reserved.

Contact