Again in RAND_poll(). crypto/rand/rand_win.c:
acquire, gen, release, netstatget, and netfree are not initialized to
zero.
If GetModuleHandle("NETAPI32.DLL) fails, or
GetModuleHandle("ADVAPI32.DLL") fails then the expression in
if (acquire && gen && release)
and
if (netstatget && netfree)
will evaluate as true.
NOTE: GetModuleHandle() will return 0 for a librray that exists on the
system but is not already loaded by the application. LoadLibrary() on
the other hand will only return 0 if the library is not currently
loaded. I suggest that LoadLibrary() be used instead of
GetModuleHandle(). This requires that FreeLibrary() be used to keep
the reference counts correct.
*** backup\rand_win.c Sun Sep 17 16:26:48 2000
--- rand_win.c Sun Sep 17 18:38:12 2000
***************
*** 184,200 ****
HWND h;
HMODULE advapi, kernel, user, netapi;
! CRYPTACQUIRECONTEXT acquire;
! CRYPTGENRANDOM gen;
! CRYPTRELEASECONTEXT release;
! NETSTATGET netstatget;
! NETFREE netfree;
/* load functions dynamically - not available on all systems */
! advapi = GetModuleHandle("ADVAPI32.DLL");
! kernel = GetModuleHandle("KERNEL32.DLL");
! user = GetModuleHandle("USER32.DLL");
! netapi = GetModuleHandle("NETAPI32.DLL");
if (netapi)
{
--- 184,200 ----
HWND h;
HMODULE advapi, kernel, user, netapi;
! CRYPTACQUIRECONTEXT acquire = 0;
! CRYPTGENRANDOM gen = 0;
! CRYPTRELEASECONTEXT release = 0;
! NETSTATGET netstatget = 0;
! NETFREE netfree = 0;
/* load functions dynamically - not available on all systems */
! advapi = LoadLibrary("ADVAPI32.DLL");
! kernel = LoadLibrary("KERNEL32.DLL");
! user = LoadLibrary("USER32.DLL");
! netapi = LoadLibrary("NETAPI32.DLL");
if (netapi)
{
***************
*** 218,223 ****
--- 218,226 ----
}
}
+ if (netapi)
+ FreeLibrary(netapi);
+
/* Read Performance Statistics from NT/2000 registry */
/* The size of the performance data can vary from call to call */
/* so we must guess the size of the buffer to use and increase */
***************
*** 289,294 ****
--- 292,300 ----
}
}
+ if (advapi)
+ FreeLibrary(advapi);
+
/* timer data */
readtimer();
***************
*** 347,352 ****
--- 353,360 ----
w = queue(QS_ALLEVENTS);
RAND_add(&w, sizeof(w), 0);
}
+
+ FreeLibrary(user);
}
/* Toolhelp32 snapshot: enumerate processes, threads, modules and heap
***************
*** 443,448 ****
--- 451,458 ----
CloseHandle(handle);
}
+
+ FreeLibrary(kernel);
}
#ifdef DEBUG
Jeffrey Altman * Sr.Software Designer
The Kermit Project * Columbia University
612 West 115th St * New York, NY * 10025 * USA
http://www.kermit-project.org/ * [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
