rbgarga at gmail
Aug 14, 2008, 7:14 AM
Views: 554
Permalink
|
|
Fwd: clamav port temp dir name bug
|
|
I've recieved this email today, what do you think about?
Thanks
> Date: Thu, 14 Aug 2008 16:52:02 +0400
> From: Andrey Chernov <ache[at]nagual.pp.ru>
> To: garga[at]FreeBSD.org
> Subject: clamav port temp dir name bug
>
> Hi.
> Starting the system today I got:
> ...
> Waiting for clamd socket..
>
> /var/tmp//clamav-a9d101123595605b61552c5d2ba83d8a: File exists
> /etc/rc: WARNING: failed to start clamav_milter
>
> Inspecting source code I found that it is due to very weak rand seeding in
> libclamav/others.c:
>
> unsigned int cli_rndnum(unsigned int max)
> {
> if(name_salt[0] == 16) { /* minimizes re-seeding after the first call to cli_gentemp() */
> struct timeval tv;
> gettimeofday(&tv, (struct timezone *) 0);
> srand(tv.tv_usec+clock());
> }
>
> I.e. I hit the situation when tv.tv_usec+clock() sum was the same across
> reboot.
>
> Please replace seeding to stronger one like
>
> sranddev();
>
> or at least (to be more portable):
>
> srand(tv.tv_sec^tv.tv_usec^clock()^getpid());
_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net
|
Fwd: clamav port temp dir name bug