Posted to test-cvs@httpd.apache.org by aa...@apache.org on 2001/11/17 00:41:10 UTC

cvs commit: httpd-test/flood STATUS

aaron       01/11/16 15:41:10

  Modified:    flood    STATUS
  Log:
  Running mental monologue.
  
  Revision  Changes    Path
  1.20      +4 -1      httpd-test/flood/STATUS
  
  Index: STATUS
  ===================================================================
  RCS file: /home/cvs/httpd-test/flood/STATUS,v
  retrieving revision 1.19
  retrieving revision 1.20
  diff -u -r1.19 -r1.20
  --- STATUS	2001/11/16 22:38:12	1.19
  +++ STATUS	2001/11/16 23:41:10	1.20
  @@ -1,5 +1,5 @@
   flood STATUS:							-*-text-*-
  -Last modified at [$Date: 2001/11/16 22:38:12 $]
  +Last modified at [$Date: 2001/11/16 23:41:10 $]
   
   Release:
   
  @@ -35,6 +35,9 @@
       * FLOOD_HAS_OPENSSL is now a CPP defined symbol. Use it to optionally
         compile OpenSSL code so that we don't have to require OpenSSL any
         longer.
  +
  +    * SEGVs when /tmp/.rnd doesn't exist are bad. Make it configurable
  +      and at least bomb with a good error message.
   
   Other features that need writing:
   
  
  
  

Re: cvs commit: httpd-test/flood STATUS

Posted by Doug MacEachern <do...@covalent.net>.
On 16 Nov 2001 aaron@apache.org wrote:

>   +    * SEGVs when /tmp/.rnd doesn't exist are bad. Make it configurable
>   +      and at least bomb with a good error message.

you can just seed from memory instead, something like the patch below
(untested).  i had borrowed the code from mod_ssl for another project a
while back to solve the same problem.  probably would be better if
apr_generate_random_bytes() could be used here.

Index: flood/flood_net_ssl.c
===================================================================
RCS file: /home/cvs/httpd-test/flood/flood_net_ssl.c,v
retrieving revision 1.10
diff -u -r1.10 flood_net_ssl.c
--- flood/flood_net_ssl.c	2001/10/10 21:42:07	1.10
+++ flood/flood_net_ssl.c	2001/11/17 00:26:01
@@ -142,6 +142,40 @@
 }
 #endif
 
+/* borrowed from mod_ssl */
+static int ssl_rand_choosenum(int l, int h)
+{
+    int i;
+    char buf[50];
+
+    srand((unsigned int)time(NULL));
+    apr_snprintf(buf, sizeof(buf), "%.0f",
+		 (((double)(rand()%RAND_MAX)/RAND_MAX)*(h-l)));
+    i = atoi(buf)+1;
+    if (i < l) i = l;
+    if (i > h) i = h;
+    return i;
+}
+
+static void load_rand(void)
+{
+    unsigned char stackdata[256];
+    time_t tt;
+    pid_t pid;
+    int l, n;
+
+    tt = time(NULL);
+    l = sizeof(time_t);
+    RAND_seed((unsigned char *)&tt, l);
+
+    pid = (pid_t)getpid();
+    l = sizeof(pid_t);
+    RAND_seed((unsigned char *)&pid, l);
+
+    n = ssl_rand_choosenum(0, sizeof(stackdata)-128-1);
+    RAND_seed(stackdata+n, 128);
+}
+
 apr_status_t ssl_init_socket(apr_pool_t *pool)
 {
 #if APR_HAS_THREADS
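Review bot: In load_rand(), all three `RAND_seed()` calls credit their input as full entropy, yet the time and pid are guessable and the 128 bytes taken from `stackdata` are uninitialized, so OpenSSL will report the PRNG as seeded while it holds very little unpredictable state. Reading the uninitialized array is also an indeterminate read in C, and memory checkers will flag it. If these inputs are kept, mix them in without counting them, e.g. `RAND_add(&tt, sizeof(tt), 0.0);` (likewise for `pid` and the stack slice), and take the credited seed from an OS entropy source. In ssl_rand_choosenum(), `srand((unsigned int)time(NULL))` resets the libc generator on every call, so the chosen offset depends on the clock alone. A comment above load_rand() stating that this seed is best-effort and not suitable for protecting real key material would help the next reader.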
@@ -154,7 +188,7 @@
     OpenSSL_add_ssl_algorithms();
     SSL_load_error_strings();
     ERR_load_crypto_strings();
-    RAND_load_file(RANDFILE, -1);
+    load_rand();
 
 #if APR_HAS_THREADS
     numlocks = CRYPTO_num_locks();
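Review bot: After `load_rand();` nothing confirms that OpenSSL considers the PRNG seeded, and load_rand() returns void, so ssl_init_socket() cannot fail cleanly at this point. A check directly after the call, such as `if (!RAND_status()) return APR_EGENERAL;`, would give the clear failure path that the STATUS item asks for. That check only means something if the inputs added in load_rand() are not credited as full entropy. The replacement also drops `RANDFILE` as a seed source altogether instead of keeping it as an option when the file exists. ssl_init_socket() starts and ends outside this hunk.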