Re: [nmap-svn] r11849 - nbase

[Brandon Enright <bmenrigh () ucsd edu>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Fri, 23 Jan 2009 20:38:02 -0800 or thereabouts
commit-mailer () insecure org wrote:

> Author: david
> Date: Fri Jan 23 20:38:01 2009
> New Revision: 11849
>
> Modified:
>    nbase/nbase_rnd.c
>
> Log:
> In the random number generator initialization, retry the read
> from /dev/urandom as long as it is interrupted by an EINTR. This
> doesn't matter much in this situation but it's more correct and it
> makes a _FORTIFY_SOURCE warning go away.
>
> I considered repeating the read until the the initialization buffer
> is full, just in case it is not filled by the first read. I decided
> against that because these do not have to be high-quality random
> numbers and we certainly don't want Nmap to block if the system is
> low on entropy. The previous version likewise did just one read
> without counting how many bytes were read, so this doesn't change
> behavior.

Hi David.  I think this patch looks pretty good.  Just a note
though, /dev/urandom and /dev/arandom will never block, even on a
machine with a empty entropy pool.  We fold the PID and current time
into the RC4 pool too so a failure on read is mostly acceptable.
Nobody really cares if Nmap produces cryptographic quality random
numbers anyways.

Brandon

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)

iEYEARECAAYFAkl9GL0ACgkQqaGPzAsl94I1BACfaQY6wTod5BJTqHMhM+Bwj0Gm
YUEAoI8PBAS3VKc1vaJlhBJfI0KvzZyR
=Q+hQ
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org