ruby-changes:20004
From: akr <ko1@a...>
Date: Mon, 13 Jun 2011 18:37:07 +0900 (JST)
Subject: [ruby-changes:20004] akr:r32050 (trunk, ruby_1_8): * lib/securerandom.rb (SecureRandom.random_bytes): modify PRNG state
akr 2011-06-13 18:36:48 +0900 (Mon, 13 Jun 2011) New Revision: 32050 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=32050 Log: * lib/securerandom.rb (SecureRandom.random_bytes): modify PRNG state to prevent random number sequence repeatation at forked child process which has same pid. reported by Eric Wong. [ruby-core:35765] Modified files: branches/ruby_1_8/ChangeLog branches/ruby_1_8/lib/securerandom.rb trunk/ChangeLog trunk/lib/securerandom.rb Index: ChangeLog =================================================================== --- ChangeLog (revision 32049) +++ ChangeLog (revision 32050) @@ -1,3 +1,10 @@ +Mon Jun 13 18:33:04 2011 Tanaka Akira <akr@f...> + + * lib/securerandom.rb (SecureRandom.random_bytes): modify PRNG state + to prevent random number sequence repeatation at forked child + process which has same pid. + reported by Eric Wong. [ruby-core:35765] + Mon Jun 13 17:02:34 2011 NARUSE, Yui <naruse@r...> * lib/net/http.rb (Net::HTTP#use_ssl?): require 'openssl' only when Index: lib/securerandom.rb =================================================================== --- lib/securerandom.rb (revision 32049) +++ lib/securerandom.rb (revision 32050) @@ -57,6 +57,14 @@ n ||= 16 if defined? OpenSSL::Random + @pid = $$ if !defined?(@pid) + pid = $$ + if @pid != pid + now = Time.now + ary = [now.to_i, now.nsec, @pid, pid] + OpenSSL::Random.seed(ary.to_s) + @pid = pid + end return OpenSSL::Random.random_bytes(n) end Index: ruby_1_8/ChangeLog =================================================================== --- ruby_1_8/ChangeLog (revision 32049) +++ ruby_1_8/ChangeLog (revision 32050) 
@@ -1,3 +1,10 @@ +Mon Jun 13 18:33:04 2011 Tanaka Akira <akr@f...> + + * lib/securerandom.rb (SecureRandom.random_bytes): modify PRNG state + to prevent random number sequence repeatation at forked + child process which has same pid. + reported by Eric Wong. [ruby-core:35765] + Thu Jun 9 20:30:00 2011 Tadayoshi Funaba <tadf@d...> * lib/date.rb: zone_to_diff in this version is just class method. Index: ruby_1_8/lib/securerandom.rb =================================================================== --- ruby_1_8/lib/securerandom.rb (revision 32049) +++ ruby_1_8/lib/securerandom.rb (revision 32050) @@ -50,6 +50,14 @@ def self.random_bytes(n=nil) n ||= 16 if defined? OpenSSL::Random + @pid = $$ if !defined?(@pid) + pid = $$ + if @pid != pid + now = Time.now + ary = [now.to_i, now.usec, @pid, pid] + OpenSSL::Random.seed(ary.to_s) + @pid = pid + end return OpenSSL::Random.random_bytes(n) end if !defined?(@has_urandom) || @has_urandom -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/
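Review bot: In the trunk lib/securerandom.rb hunk (@@ -57,6 +57,14 @@), the new `if @pid != pid` block carries no comment, so a reader of random_bytes cannot tell that it exists for the fork case reported in [ruby-core:35765]. Add a short comment above `@pid = $$ if !defined?(@pid)` saying that the block reseeds once after a fork is detected. The comment should also say that `now.to_i`, `now.nsec`, `@pid` and `pid` are guessable values, so the `OpenSSL::Random.seed` call only makes the child's PRNG state diverge from the parent's and does not add fresh entropy.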
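Review bot: In the ruby_1_8/lib/securerandom.rb hunk (@@ -50,6 +50,14 @@), `OpenSSL::Random.seed(ary.to_s)` relies on Array#to_s, which on Ruby 1.8 behaves like join with no separator. The four integers are therefore concatenated without delimiters, and different (seconds, usec, old pid, new pid) tuples can yield the same seed string. Use an explicit `ary.join(",")` or `ary.inspect` so that field boundaries are preserved and the seed bytes do not depend on the interpreter version's to_s. This hunk also uses `now.usec` where the trunk hunk uses `now.nsec`, so the time component is coarser on this branch; a one-line comment noting the difference would help anyone comparing the two files.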