2 files changed, 34 insertions, 10 deletions
diff --git a/ChangeLog b/ChangeLog
index e076fc66f..9c14c6aea 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+20050216
+ - (djm) write seed to temporary file and atomically rename into place; 
+   ok dtucker@
 20050215
 - (dtucker) [config.sh.in] Collect oslevel -r too.
 - (dtucker) [README.platform auth.c configure.ac loginrec.c
@@ -2131,4 +2135,4 @@
   - (djm) Trim deprecated options from INSTALL. Mention UsePAM
   - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
-$Id: ChangeLog,v 1.3653 2005/02/15 11:19:28 dtucker Exp $
+$Id: ChangeLog,v 1.3654 2005/02/16 02:02:45 djm Exp $
diff --git a/ssh-rand-helper.c b/ssh-rand-helper.c
index 7cd081fab..6412d44e2 100644
--- a/ssh-rand-helper.c
+++ b/ssh-rand-helper.c
@@ -39,7 +39,7 @@
 #include "pathnames.h"
 #include "log.h"
-RCSID("$Id: ssh-rand-helper.c,v 1.20 2004/12/20 01:05:08 dtucker Exp $");
+RCSID("$Id: ssh-rand-helper.c,v 1.21 2005/02/16 02:02:45 djm Exp $");
 /* Number of bytes we write out */
 #define OUTPUT_SEED_SIZE        48
@@ -550,10 +550,11 @@ prng_check_seedfile(char *filename)
 void
 prng_write_seedfile(void)
 {
-        int fd;
+        int fd, save_errno;
        unsigned char seed[SEED_FILE_SIZE];
-        char filename[MAXPATHLEN];
+        char filename[MAXPATHLEN], tmpseed[MAXPATHLEN];
        struct passwd *pw;
+        mode_t old_umask;
        pw = getpwuid(getuid());
        if (pw == NULL)
@@ -568,7 +569,10 @@ prng_write_seedfile(void)
        snprintf(filename, sizeof(filename), "%.512s/%s", pw->pw_dir,
            SSH_PRNG_SEED_FILE);
-        debug("writing PRNG seed to file %.100s", filename);
+        strlcpy(tmpseed, filename, sizeof(tmpseed));
+        if (strlcat(tmpseed, ".XXXXXXXXXX", sizeof(tmpseed)) >=
+            sizeof(tmpseed))
+                fatal("PRNG seed filename too long");
        if (RAND_bytes(seed, sizeof(seed)) <= 0)
                fatal("PRNG seed extraction failed");
@@ -576,15 +580,31 @@ prng_write_seedfile(void)
        /* Don't care if the seed doesn't exist */
        prng_check_seedfile(filename);
-        if ((fd = open(filename, O_WRONLY|O_TRUNC|O_CREAT, 0600)) == -1) {
+        old_umask = umask(0177);
-                debug("WARNING: couldn't access PRNG seedfile %.100s "
-                    "(%.100s)", filename, strerror(errno));
+        if ((fd = mkstemp(tmpseed)) == -1) {
+                debug("WARNING: couldn't make temporary PRNG seedfile %.100s "
+                    "(%.100s)", tmpseed, strerror(errno));
        } else {
-                if (atomicio(vwrite, fd, &seed, sizeof(seed)) < sizeof(seed))
+                debug("writing PRNG seed to file %.100s", tmpseed);
+                if (atomicio(vwrite, fd, &seed, sizeof(seed)) < sizeof(seed)) {
+                        save_errno = errno;
+                        close(fd);
+                        unlink(tmpseed);
                        fatal("problem writing PRNG seedfile %.100s "
-                            "(%.100s)", filename, strerror(errno));
+                            "(%.100s)", filename, strerror(save_errno));
+                }
                close(fd);
+                debug("moving temporary PRNG seed to file %.100s", filename);
+                if (rename(tmpseed, filename) == -1) {
+                        save_errno = errno;
+                        unlink(tmpseed);
+                        fatal("problem renaming PRNG seedfile from %.100s "
+                            "to %.100s (%.100s)", tmpseed, filename, 
+                            strerror(save_errno));
+                }
        }
+        umask(old_umask);
 }
 void

diff --git a/ChangeLog b/ChangeLog index e076fc66f..9c14c6aea 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -1,3 +1,7 @@
		1	20050216
		2	- (djm) write seed to temporary file and atomically rename into place;
		3	ok dtucker@
		4
1	20050215	5	20050215
2	- (dtucker) [config.sh.in] Collect oslevel -r too.	6	- (dtucker) [config.sh.in] Collect oslevel -r too.
3	- (dtucker) [README.platform auth.c configure.ac loginrec.c	7	- (dtucker) [README.platform auth.c configure.ac loginrec.c
@@ -2131,4 +2135,4 @@
2131	- (djm) Trim deprecated options from INSTALL. Mention UsePAM	2135	- (djm) Trim deprecated options from INSTALL. Mention UsePAM
2132	- (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu	2136	- (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
2133		2137
2134	$Id: ChangeLog,v 1.3653 2005/02/15 11:19:28 dtucker Exp $	2138	$Id: ChangeLog,v 1.3654 2005/02/16 02:02:45 djm Exp $


diff --git a/ssh-rand-helper.c b/ssh-rand-helper.c index 7cd081fab..6412d44e2 100644 --- a/ssh-rand-helper.c +++ b/ssh-rand-helper.c
@@ -39,7 +39,7 @@
39	#include "pathnames.h"	39	#include "pathnames.h"
40	#include "log.h"	40	#include "log.h"
41		41
42	RCSID("$Id: ssh-rand-helper.c,v 1.20 2004/12/20 01:05:08 dtucker Exp $");	42	RCSID("$Id: ssh-rand-helper.c,v 1.21 2005/02/16 02:02:45 djm Exp $");
43		43
44	/* Number of bytes we write out */	44	/* Number of bytes we write out */
45	#define OUTPUT_SEED_SIZE 48	45	#define OUTPUT_SEED_SIZE 48
@@ -550,10 +550,11 @@ prng_check_seedfile(char *filename)
550	void	550	void
551	prng_write_seedfile(void)	551	prng_write_seedfile(void)
552	{	552	{
553	int fd;	553	int fd, save_errno;
554	unsigned char seed[SEED_FILE_SIZE];	554	unsigned char seed[SEED_FILE_SIZE];
555	char filename[MAXPATHLEN];	555	char filename[MAXPATHLEN], tmpseed[MAXPATHLEN];
556	struct passwd *pw;	556	struct passwd *pw;
		557	mode_t old_umask;
557		558
558	pw = getpwuid(getuid());	559	pw = getpwuid(getuid());
559	if (pw == NULL)	560	if (pw == NULL)
@@ -568,7 +569,10 @@ prng_write_seedfile(void)
568	snprintf(filename, sizeof(filename), "%.512s/%s", pw->pw_dir,	569	snprintf(filename, sizeof(filename), "%.512s/%s", pw->pw_dir,
569	SSH_PRNG_SEED_FILE);	570	SSH_PRNG_SEED_FILE);
570		571
571	debug("writing PRNG seed to file %.100s", filename);	572	strlcpy(tmpseed, filename, sizeof(tmpseed));
		573	if (strlcat(tmpseed, ".XXXXXXXXXX", sizeof(tmpseed)) >=
		574	sizeof(tmpseed))
		575	fatal("PRNG seed filename too long");
572		576
573	if (RAND_bytes(seed, sizeof(seed)) <= 0)	577	if (RAND_bytes(seed, sizeof(seed)) <= 0)
574	fatal("PRNG seed extraction failed");	578	fatal("PRNG seed extraction failed");
@@ -576,15 +580,31 @@ prng_write_seedfile(void)
576	/* Don't care if the seed doesn't exist */	580	/* Don't care if the seed doesn't exist */
577	prng_check_seedfile(filename);	581	prng_check_seedfile(filename);
578		582
579	if ((fd = open(filename, O_WRONLY\|O_TRUNC\|O_CREAT, 0600)) == -1) {	583	old_umask = umask(0177);
580	debug("WARNING: couldn't access PRNG seedfile %.100s "	584
581	"(%.100s)", filename, strerror(errno));	585	if ((fd = mkstemp(tmpseed)) == -1) {
		586	debug("WARNING: couldn't make temporary PRNG seedfile %.100s "
		587	"(%.100s)", tmpseed, strerror(errno));
582	} else {	588	} else {
583	if (atomicio(vwrite, fd, &seed, sizeof(seed)) < sizeof(seed))	589	debug("writing PRNG seed to file %.100s", tmpseed);
		590	if (atomicio(vwrite, fd, &seed, sizeof(seed)) < sizeof(seed)) {
		591	save_errno = errno;
		592	close(fd);
		593	unlink(tmpseed);
584	fatal("problem writing PRNG seedfile %.100s "	594	fatal("problem writing PRNG seedfile %.100s "
585	"(%.100s)", filename, strerror(errno));	595	"(%.100s)", filename, strerror(save_errno));
		596	}
586	close(fd);	597	close(fd);
		598	debug("moving temporary PRNG seed to file %.100s", filename);
		599	if (rename(tmpseed, filename) == -1) {
		600	save_errno = errno;
		601	unlink(tmpseed);
		602	fatal("problem renaming PRNG seedfile from %.100s "
		603	"to %.100s (%.100s)", tmpseed, filename,
		604	strerror(save_errno));
		605	}
587	}	606	}
		607	umask(old_umask);
588	}	608	}
589		609
590	void	610	void