Posted to test-cvs@httpd.apache.org by aa...@apache.org on 2001/11/17 00:41:10 UTC
cvs commit: httpd-test/flood STATUS
aaron 01/11/16 15:41:10
Modified: flood STATUS
Log:
Running mental monologue.
Revision Changes Path
1.20 +4 -1 httpd-test/flood/STATUS
Index: STATUS
===================================================================
RCS file: /home/cvs/httpd-test/flood/STATUS,v
retrieving revision 1.19
retrieving revision 1.20
diff -u -r1.19 -r1.20
--- STATUS 2001/11/16 22:38:12 1.19
+++ STATUS 2001/11/16 23:41:10 1.20
@@ -1,5 +1,5 @@
flood STATUS: -*-text-*-
-Last modified at [$Date: 2001/11/16 22:38:12 $]
+Last modified at [$Date: 2001/11/16 23:41:10 $]
Release:
@@ -35,6 +35,9 @@
* FLOOD_HAS_OPENSSL is now a CPP defined symbol. Use it to optionally
compile OpenSSL code so that we don't have to require OpenSSL any
longer.
+
+ * SEGVs when /tmp/.rnd doesn't exist are bad. Make it configurable
+ and at least bomb with a good error message.
Other features that need writing:
Re: cvs commit: httpd-test/flood STATUS
Posted by Doug MacEachern <do...@covalent.net>.
On 16 Nov 2001 aaron@apache.org wrote:
> + * SEGVs when /tmp/.rnd doesn't exist are bad. Make it configurable
> + and at least bomb with a good error message.
you can just seed from memory instead, something like the patch below
(untested). i had borrowed the code from mod_ssl for another project a
while back to solve the same problem. probably would be better if
apr_generate_random_bytes() could be used here.
Index: flood/flood_net_ssl.c
===================================================================
RCS file: /home/cvs/httpd-test/flood/flood_net_ssl.c,v
retrieving revision 1.10
diff -u -r1.10 flood_net_ssl.c
--- flood/flood_net_ssl.c 2001/10/10 21:42:07 1.10
+++ flood/flood_net_ssl.c 2001/11/17 00:26:01
@@ -142,6 +142,40 @@
}
#endif
+/* borrowed from mod_ssl */
+static int ssl_rand_choosenum(int l, int h)
+{
+ int i;
+ char buf[50];
+
+ srand((unsigned int)time(NULL));
+ apr_snprintf(buf, sizeof(buf), "%.0f",
+ (((double)(rand()%RAND_MAX)/RAND_MAX)*(h-l)));
+ i = atoi(buf)+1;
+ if (i < l) i = l;
+ if (i > h) i = h;
+ return i;
+}
+
+static void load_rand(void)
+{
+ unsigned char stackdata[256];
+ time_t tt;
+ pid_t pid;
+ int l, n;
+
+ tt = time(NULL);
+ l = sizeof(time_t);
+ RAND_seed((unsigned char *)&tt, l);
+
+ pid = (pid_t)getpid();
+ l = sizeof(pid_t);
+ RAND_seed((unsigned char *)&pid, l);
+
+ n = ssl_rand_choosenum(0, sizeof(stackdata)-128-1);
+ RAND_seed(stackdata+n, 128);
+}
+
apr_status_t ssl_init_socket(apr_pool_t *pool)
{
#if APR_HAS_THREADS
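Review bot: The three `RAND_seed()` calls in `load_rand()` credit every byte as full entropy, yet none of the inputs is unpredictable: the time and pid are guessable, and `stackdata` is an uninitialized buffer read at an offset picked by `srand(time(NULL))`/`rand()`. OpenSSL will therefore consider its PRNG seeded while the keys it derives remain predictable. If these values are kept at all, mix them in without entropy credit, e.g. `RAND_add(&tt, sizeof(tt), 0.0);`, and take the real seed material from the OS. The `load_rand();` call site in `ssl_init_socket()` (second hunk; the function body continues outside the diff) should then refuse to continue unseeded, e.g. log a message and `if (RAND_status() != 1) return APR_EGENERAL;`, which also gives the clear error the STATUS entry asks for. Reading `stackdata` uninitialized will also be reported by memory checkers.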
@@ -154,7 +188,7 @@
OpenSSL_add_ssl_algorithms();
SSL_load_error_strings();
ERR_load_crypto_strings();
- RAND_load_file(RANDFILE, -1);
+ load_rand();
#if APR_HAS_THREADS
numlocks = CRYPTO_num_locks();