Use a define'd constant rather than sizeof
In `SSL_CTX_new`, if loading from `/dev/urandom` fails, the contents of a
local char array are used as a seed source. The size of this memory block is
passed using sizeof, but if the declaration were ever changed to `char *`,
sizeof would yield the size of the pointer rather than the size of the
buffer. So, instead, use a define'd constant.
A. Sinan Unur
10 years ago
110 | 110 | |
111 | 111 | MODULE = Crypt::SSLeay PACKAGE = Crypt::SSLeay::CTX PREFIX = SSL_CTX_ |
112 | 112 | |
113 | #define CRYPT_SSLEAY_RAND_BUFSIZE 1024 | |
114 | ||
113 | 115 | SSL_CTX* |
114 | 116 | SSL_CTX_new(packname, ssl_version) |
115 | 117 | SV* packname |
117 | 119 | CODE: |
118 | 120 | SSL_CTX* ctx; |
119 | 121 | static int bNotFirstTime; |
120 | char buf[1024]; | |
122 | char buf[ CRYPT_SSLEAY_RAND_BUFSIZE ]; | |
121 | 123 | int rand_bytes_read; |
122 | 124 | |
123 | 125 | if(!bNotFirstTime) { |
130 | 132 | |
131 | 133 | /**** Code from Devin Heitmueller, 10/3/2002 ****/ |
132 | 134 | /**** Use /dev/urandom to seed if available ****/ |
135 | /* see also | |
136 | * http://sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers/ | |
137 | */ | |
138 | /* Also, http://wiki.openssl.org/index.php/Random_Numbers#Seeds | |
139 | * seems to indicate maybe we should not be doing this ourselves | |
140 | */ | |
133 | 141 | rand_bytes_read = RAND_load_file("/dev/urandom", 1024); |
134 | 142 | if (rand_bytes_read <= 0) { |
135 | 143 | /* Couldn't read /dev/urandom, just seed off |
136 | 144 | * of the stack variable (the old way) |
137 | 145 | */ |
138 | RAND_seed(buf,sizeof buf); | |
146 | RAND_seed(buf, CRYPT_SSLEAY_RAND_BUFSIZE); | |
139 | 147 | } |
140 | 148 | |
141 | 149 | if(ssl_version == 23) { |
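Review bot: The fallback `RAND_seed(buf, CRYPT_SSLEAY_RAND_BUFSIZE);` still seeds from `buf`, which is never written in the lines shown (old lines 124–129 are not visible here, so this should be confirmed). `RAND_seed` credits all 1024 bytes as entropy, so when `/dev/urandom` cannot be read the generator is marked as seeded from indeterminate stack contents. Changing the length argument does not address that, and the comment this commit adds already questions the approach. I would either drop the fallback or mix the buffer in without credit, `RAND_add(buf, CRYPT_SSLEAY_RAND_BUFSIZE, 0.0);`, and then refuse to continue when the generator is not seeded, `if (RAND_status() != 1) croak("PRNG not seeded");`. The literal `1024` in `RAND_load_file("/dev/urandom", 1024)` is also left beside the new constant and deserves a name of its own if it is a separate quantity; the body of `SSL_CTX_new` continues past the end of this hunk.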