[Dovecot] Dovecot, Fedora, SSL

Timo Sirainen tss at iki.fi
Mon May 10 22:17:51 EEST 2004


On Mon, 2004-05-10 at 21:23, Benjamin J. Weiss wrote:
> Thanks, but I received an email pointing out an SSL problem with Fedora and
> dovecot:
> 
> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=115284

Well, I finally looked at what Fedora's OpenSSL package looks like. It
has at least this patch which doesn't work if Dovecot is chrooted. I'm
not really sure when ICA is really called though.

Actually, there's a bug in that patch: if open() fails, rfd = -1. The
check should be if (rfd == -1), not if (rfd).

Maybe it would work with that fix? Anyone want to try?

--- openssl-0.9.7a/libica-1.3.5/src/prand.c.urandom	2003-07-10 16:09:35.000000000 -0400
+++ openssl-0.9.7a/libica-1.3.5/src/prand.c	2003-10-24 01:59:53.000000000 -0400
@@ -421,11 +421,26 @@
    */
 
 
+   /*
+   **   Change 10/24/03 PK: Use /dev/urandom instead.
+   */
    static unsigned char get_byte(u_int32 *array5, int current_byte)
    {
-
       u_int32 val;
+      static int rfd = 0;	/* File descriptor to /dev/urandom */
+      unsigned char retval;
+
+      if (!rfd) {
+          rfd = open("/dev/urandom", O_RDONLY);
+      }
+
+      /* If we have a valid fd for /dev/urandom then use it */
+      if (rfd) {
+         read(rfd, &retval, 1);
+         return retval;
+      }
 
+      /* Otherwise use the old pseudo random number generator */
       val = *(array5 + current_byte/4);
 
       current_byte %= 4;
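Review bot: the `+      if (rfd) {` check does not detect a failed open(), since open() returns -1 on failure and -1 is true; on the failure path the code then calls read(-1, ...), which fails, and returns the uninitialized `retval` byte instead of falling through to the old generator. The same sentinel choice also means that once open() has failed, `if (!rfd)` never retries, and that a legitimately returned descriptor 0 would be treated as "not yet opened". Suggested change: initialise with `static int rfd = -1;`, open when `rfd < 0`, and guard the fast path with `if (rfd >= 0 && read(rfd, &retval, 1) == 1)` so that a short or failed read (EINTR, or /dev/urandom missing inside a chroot, which is the case the mail discusses) falls back to the pseudo random path rather than returning garbage. It would also be worth a comment noting that the descriptor must be opened before any chroot() for this path to be reachable.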
