ruby-changes:19613
From: shyouhei <ko1@a...>
Date: Sat, 21 May 2011 06:30:36 +0900 (JST)
Subject: [ruby-changes:19613] shyouhei:r31655 (ruby_1_8): * eval.c (rb_thread_atfork): When a ruby process forks, its random
shyouhei 2011-05-21 06:21:39 +0900 (Sat, 21 May 2011) New Revision: 31655 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=31655 Log: * eval.c (rb_thread_atfork): When a ruby process forks, its random seed shall be reinitialized to prevent CVE-2003-0900 situation. This bug affects for 1.8 and earlier series, but not for 1.9. fixed [ruby-core:34944]. * io.c (pipe_open): ditto. * random.c (rb_reset_random_seed): ditto. * intern.h (rb_reset_random_seed): ditto. Modified files: branches/ruby_1_8/ChangeLog branches/ruby_1_8/eval.c branches/ruby_1_8/intern.h branches/ruby_1_8/io.c branches/ruby_1_8/random.c Index: ruby_1_8/intern.h =================================================================== --- ruby_1_8/intern.h (revision 31654) +++ ruby_1_8/intern.h (revision 31655) @@ -392,6 +392,7 @@ /* random.c */ unsigned long rb_genrand_int32(void); double rb_genrand_real(void); +void rb_reset_random_seed(void); /* re.c */ int rb_memcmp _((const void*,const void*,long)); int rb_memcicmp _((const void*,const void*,long)); Index: ruby_1_8/ChangeLog =================================================================== --- ruby_1_8/ChangeLog (revision 31654) +++ ruby_1_8/ChangeLog (revision 31655) @@ -1,3 +1,16 @@ +Sat May 21 05:43:03 2011 URABE Shyouhei <shyouhei@r...> + + * eval.c (rb_thread_atfork): When a ruby process forks, its random + seed shall be reinitialized to prevent CVE-2003-0900 situation. + This bug affects for 1.8 and earlier series, but not for 1.9. + fixed [ruby-core:34944]. + + * io.c (pipe_open): ditto. + + * random.c (rb_reset_random_seed): ditto. + + * intern.h (rb_reset_random_seed): ditto. + Sun May 15 21:43:09 2011 Akinori MUSHA <knu@i...> * lib/uri/generic.rb (#route_from_path): Fix a bug where Index: ruby_1_8/io.c =================================================================== --- ruby_1_8/io.c (revision 31654) +++ ruby_1_8/io.c (revision 31655) @@ -3274,6 +3274,7 @@ rb_thread_stop_timer(); switch ((pid = fork())) { case 0: /* child */ + rb_thread_atfork(); if (modef & FMODE_READABLE) { close(pr[0]); if (pr[1] != 1) { Index: ruby_1_8/random.c =================================================================== --- ruby_1_8/random.c (revision 31654) +++ ruby_1_8/random.c (revision 31655) @@ -488,9 +488,15 @@ } void +rb_reset_random_seed() +{ + rand_init(random_seed()); +} + +void Init_Random() { - rand_init(random_seed()); + rb_reset_random_seed(); rb_define_global_function("srand", rb_f_srand, -1); rb_define_global_function("rand", rb_f_rand, -1); rb_global_variable(&saved_seed); Index: ruby_1_8/eval.c =================================================================== --- ruby_1_8/eval.c (revision 31654) +++ ruby_1_8/eval.c (revision 31655) @@ -13515,6 +13515,7 @@ { rb_thread_t th; + rb_reset_random_seed(); if (rb_thread_alone()) return; FOREACH_THREAD(th) { if (th != curr_thread) { -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/