author | Toni Uhlig <matzeton@googlemail.com> | 2018-12-26 20:32:56 +0100 |
---|---|---|
committer | Toni Uhlig <matzeton@googlemail.com> | 2018-12-26 20:42:54 +0100 |
commit | 5236e631bb3c6f3a31c920709e3fe6c5cd579c14 (patch) | |
tree | 0e9e149a185fb1d9526613f57e3e44004b01db2c | |
parent | 4b33cf8cee7b048ebccfe83b27ce00e8bdd70a50 (diff) |
autoconf check for srandom()/random() or fallback to less secure srand()/rand()
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
-rw-r--r-- | configure.ac | 6 | ||||
-rw-r--r-- | src/Makefile.am | 4 | ||||
-rw-r--r-- | src/ptunnel.c | 4 | ||||
-rw-r--r-- | src/utils.c | 8 |
4 files changed, 18 insertions, 4 deletions
diff --git a/configure.ac b/configure.ac
index 0517201..b0534e0 100644
--- a/configure.ac
+++ b/configure.ac
@@ -145,6 +145,11 @@ if test x"${pcap_enabled}" != x -a \
 [pcap_enabled=])
 fi
+dnl Check for more secure randomization functions
+AC_CHECK_FUNCS([timespec_get srandom random],
+ [random_enabled=yes],
+ [random_enabled=])
+
 dnl Check for SELINUX
 if test x"${selinux_enabled}" != x; then
 AC_CHECK_HEADERS([selinux/selinux.h],,
@@ -179,6 +184,7 @@ AM_CONDITIONAL([HAVE_PCAP], [test x"${pcap_enabled}" = xyes])
 AM_CONDITIONAL([HAVE_SELINUX], [test x"${selinux_enabled}" = xyes])
 AM_CONDITIONAL([IS_WINDOWS], [test x"${use_msw}" = xyes])
 AM_CONDITIONAL([HAVE_ICMPFILTER], [test x"${with_icmp_filter}" = xyes])
+AM_CONDITIONAL([HAVE_RANDOM], [test x"${random_enabled}" = xyes])
 dnl output config headers
 AC_CONFIG_HEADERS([src/config.h:src/config.h.in])
diff --git a/src/Makefile.am b/src/Makefile.am
index 3abddda..da23fd8 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -18,6 +18,10 @@ if HAVE_ICMPFILTER
 ptunnel_ng_CFLAGS += -DHAVE_ICMPFILTER=1
 endif
+if HAVE_RANDOM
+ptunnel_ng_CFLAGS += -DHAVE_RANDOM=1
+endif
+
 ptunnel_ng_SOURCES = \
 md5.c \
 challenge.c \
diff --git a/src/ptunnel.c b/src/ptunnel.c
index 1944041..52661ae 100644
--- a/src/ptunnel.c
+++ b/src/ptunnel.c
@@ -126,10 +126,6 @@ int main(int argc, char *argv[]) {
 }
 #endif /* WIN32 */
- /* Seed random generator; it'll be used in combination with a timestamp
- * when generating authentication challenges.
- */
- srand(time(0));
 memset(opts.password_digest, 0, kMD5_digest_size);
 /* The seq_expiry_tbl is used to prevent the remote ends from prematurely
diff --git a/src/utils.c b/src/utils.c
index 12e7992..6233753 100644
--- a/src/utils.c
+++ b/src/utils.c
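Review bot: In the first configure.ac hunk, `AC_CHECK_FUNCS([timespec_get srandom random], [random_enabled=yes], [random_enabled=])` runs its found/not-found action once per function, so `random_enabled` ends up reflecting only the last name checked, `random`. A system that has `random()` but lacks `timespec_get()` would still get `HAVE_RANDOM` and then fail to build (or call an undeclared function) in `pt_random()`. Set the flag first and clear it only on a miss: `random_enabled=yes` followed by `AC_CHECK_FUNCS([timespec_get srandom random],, [random_enabled=])`. Separately, AC_CHECK_FUNCS itself defines `HAVE_RANDOM` in config.h whenever `random` alone is found, so if src/utils.c includes config.h (not visible here) the `-DHAVE_RANDOM=1` gate added in the Makefile.am hunk is bypassed; a distinct macro name for the combined check would avoid that collision.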
@@ -148,9 +148,17 @@ void print_hexstr(unsigned char *buf, size_t siz) {
 #endif
 int pt_random(void) {
+#ifdef HAVE_RANDOM
+#ifndef TIME_UTC
+#define TIME_UTC 1
+#endif
 struct timespec ts;
 assert(timespec_get(&ts, TIME_UTC));
 srandom(ts.tv_nsec ^ ts.tv_sec);
 return random();
+#else
+ srand(time(0));
+ return rand();
+#endif
 } |
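Review bot: The new `#else` fallback calls `srand(time(0))` on every `pt_random()` call, so all calls within the same second restart the generator from the same seed and return the same value; the commit also removed the one-time seeding from main(), and per the comment removed there these values feed authentication challenges. Seed once instead, e.g. guard it with `static int seeded;` and `if (!seeded) { srand(time(0)); seeded = 1; }` before `return rand();`. The HAVE_RANDOM branch reseeds per call as well, and its unchanged context line keeps `timespec_get()` inside `assert()`, so a build with NDEBUG would drop the call and seed from an uninitialised `ts`; test the return value in an `if` instead. Neither `random()` nor `rand()` is a cryptographic generator, so a challenge that must be unpredictable would be better drawn from the OS source (e.g. `getrandom()` or `/dev/urandom` where available).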