On Fri, Dec 15, 2006 at 11:43:38AM -0600, Kris Katterjohn wrote:
> This simple patch dramatically reduces the number of fopen()s and
> fclose()s used when getting random numbers from nbase_rnd.c by keeping
> the rng device open.
>
> Before:
>
> # strace nmap -p- localhost 2>&1 | grep 'open("/dev/[au]*random"' | wc
> 512 3584 31744
>
> After:
>
> # strace ./nmap -p- localhost 2>&1 | grep 'open("/dev/[au]*random"' | wc
> 2 14 124

You can also compare "strace -c" output to estimate the effect of the change.

> --- x/nbase/nbase_rnd.c 2006-08-29 00:42:46.000000000 -0500
> +++ y/nbase/nbase_rnd.c 2006-12-15 11:06:02.000000000 -0600
> @@ -114,14 +114,14 @@ int get_random_bytes(void *buf, int numb
> int tmp;
> int res;
> struct timeval tv;
> - FILE *fp = NULL;
> + static FILE *fp;
> unsigned int i;
> short *iptr;
>
> if (numbytes < 0 || numbytes > 0xFFFF) return -1;
>
> if (bytesleft == 0) {
> - fp = fopen("/dev/arandom", "r");
> + if (!fp) fp = fopen("/dev/arandom", "r");
> if (!fp) fp = fopen("/dev/urandom", "r");
> if (!fp) fp = fopen("/dev/random", "r");
> if (fp) {
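
Review bot: `static FILE *fp;` combined with `fopen(..., "r")` keeps the random-device descriptor open for the life of the process without close-on-exec, so it is inherited by anything the process later execs. Suggest setting the flag right after a successful open, where fcntl() is available, for example fcntl(fileno(fp), F_SETFD, FD_CLOEXEC), and adding a comment at the declaration saying the stream is deliberately kept open between calls. Writing `static FILE *fp = NULL;` would also make the new `if (!fp)` test in front of the first fopen() easier to read, although static storage already guarantees the initial NULL.
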
> @@ -149,7 +149,7 @@ int get_random_bytes(void *buf, int numb
> }
> bytesleft = (sizeof(bytebuf) / sizeof(short)) * sizeof(short);
> /* ^^^^^^^^^^^^^^^not as meaningless as it looks */
> - } else fclose(fp);
> + }
> }
>
> if (numbytes <= bytesleft) { /* we can cover it */
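
Review bot: with `} else fclose(fp);` reduced to `}`, nothing in the visible lines closes fp any more, and because the pointer is now static its value survives into the next call. The read path between the two hunks is not shown here; if a short or failed read there closes the stream, it must also set fp = NULL, otherwise the next refill reuses a closed FILE. Worth confirming before applying, and a short comment at this brace stating that the stream is intentionally left open on success would help the next reader.
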

I'll have to apply something like this to update my nmap chroot patch.

--
ldv
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Received on Dec 15 2006