From 60fcaa6ec95ae320234dd596e708c59bf814f7b9 Mon Sep 17 00:00:00 2001 From: Greg Alexander Date: Mon, 8 Aug 2016 14:08:49 -0400 Subject: [PATCH] When reading data from various spots in /proc to initialize the random number generator: * reduce timeout from 2s to 1ms * if timeout, abort * only read first 4096 bytes this is to work around the fact that on Samsung Tab 4, /proc/timer_list is apparently 167MB! --- dropbear/dbrandom.c | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/dropbear/dbrandom.c b/dropbear/dbrandom.c index e2f55c2..5d3ed8c 100644 --- a/dropbear/dbrandom.c +++ b/dropbear/dbrandom.c @@ -85,8 +85,8 @@ process_file(hash_state *hs, const char *filename, struct timeval timeout; fd_set read_fds; - timeout.tv_sec = 2; - timeout.tv_usec = 0; + timeout.tv_sec = 0; + timeout.tv_usec = 1000; FD_ZERO(&read_fds); FD_SET(readfd, &read_fds); @@ -98,6 +98,8 @@ process_file(hash_state *hs, const char *filename, } } + if (already_blocked) break; + if (len == 0) { wantread = sizeof(readbuf); @@ -205,12 +207,12 @@ void seedrandom() { #ifdef __linux__ /* Seems to be a reasonable source of entropy from timers. Possibly hard * for even local attackers to reproduce */ - process_file(&hs, "/proc/timer_list", 0, 0); + process_file(&hs, "/proc/timer_list", 4096, 0); /* Might help on systems with wireless */ - process_file(&hs, "/proc/interrupts", 0, 0); + process_file(&hs, "/proc/interrupts", 4096, 0); - process_file(&hs, "/proc/loadavg", 0, 0); - process_file(&hs, "/proc/sys/kernel/random/entropy_avail", 0, 0); + process_file(&hs, "/proc/loadavg", 4096, 0); + process_file(&hs, "/proc/sys/kernel/random/entropy_avail", 4096, 0); /* Mostly network visible but useful in some situations. * Limit size to avoid slowdowns on systems with lots of routes */ @@ -219,7 +221,7 @@ void seedrandom() { process_file(&hs, "/proc/net/tcp", 4096, 0); /* Also includes interface lo */ process_file(&hs, "/proc/net/rt_cache", 4096, 0); - process_file(&hs, "/proc/vmstat", 0, 0); + process_file(&hs, "/proc/vmstat", 4096, 0); #endif pid = getpid();