tyler.durden
/
icinga2
mirror of https://github.com/Icinga/icinga2.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #6324 from Icinga/fix/6279-api-user-crash 

Ensure that password hash generation from OpenSSL is atomic
This commit is contained in:
Michael Friedrich 2018-05-23 11:25:52 +02:00 committed by GitHub
parent 2d8158ec29 08a14cd136
commit 653a2b4e7d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
lib/base/tlsutility.cpp
View File

@ -31,6 +31,7 @@ namespace icinga
static bool l_SSLInitialized = false; static bool l_SSLInitialized = false;
static boost::mutex *l_Mutexes; static boost::mutex *l_Mutexes;
static boost::mutex l_RandomMutex;
#ifdef CRYPTO_LOCK #ifdef CRYPTO_LOCK
static void OpenSSLLockingCallback(int mode, int type, const char *, int) static void OpenSSLLockingCallback(int mode, int type, const char *, int)
@ -718,6 +719,11 @@ String RandomString(int length)
{ {
auto *bytes = new unsigned char[length]; auto *bytes = new unsigned char[length];
/* Ensure that password generation is atomic. RAND_bytes is not thread-safe
* in OpenSSL < 1.1.0.
*/
boost::mutex::scoped_lock lock(l_RandomMutex);
if (!RAND_bytes(bytes, length)) { if (!RAND_bytes(bytes, length)) {
delete [] bytes; delete [] bytes;
@ -730,6 +736,8 @@ String RandomString(int length)
<< errinfo_openssl_error(ERR_peek_error())); << errinfo_openssl_error(ERR_peek_error()));
} }
lock.unlock();
auto *output = new char[length * 2 + 1]; auto *output = new char[length * 2 + 1];
for (int i = 0; i < length; i++) for (int i = 0; i < length; i++)
sprintf(output + 2 * i, "%02x", bytes[i]); sprintf(output + 2 * i, "%02x", bytes[i]);