Closed Bug 1257048 Opened 4 years ago Closed 3 years ago

Remove usages of getdtablesize from unix_rand.c

Categories

(NSS :: Libraries, defect)

Tracking

(firefox48 affected)

RESOLVED DUPLICATE of bug 1346735

People

(Reporter: toonetown, Unassigned)

Details

As per the comment from :glandium on Bug 1092004, it is suggested that the remaining uses of getdtablesize (which are in NSS's unix_rand.c) be replaced with a different alternative.  getdtablesize is not a posix function, and was recently deprecated (and removed) from the Android NDK.

While Bug 1092004 addresses the Android issue for the time being, the suggestion is to remove the call that is used at security/nss/lib/freebl/unix_rand.c:739

(In reply to Nathan Toone [:toonetown] from comment #0)
> As per the comment from :glandium on Bug 1092004, it is suggested that the
> remaining uses of getdtablesize (which are in NSS's unix_rand.c) be replaced
> with a different alternative.  getdtablesize is not a posix function, and
> was recently deprecated (and removed) from the Android NDK.
> 
> While Bug 1092004 addresses the Android issue for the time being, the
> suggestion is to remove the call that is used at
> security/nss/lib/freebl/unix_rand.c:739

or do on android like on many other platforms: #define getdtablesize sysconf(_SC_OPEN_MAX)
(or revisit netstat as a source of entropy)

... Or just remove all of the code for handling systems without a meaningful /dev/urandom

From the discussion at https://bugzilla.mozilla.org/show_bug.cgi?id=1103816#c6, it appears that there was a reason for not doing that in the first place (something about bionic hard coding a table value or something). It looks to me like, however, all platforms use sysconf(_SC_OPEN_MAX), so it might be better to just remove all the #defines and just use sysconf directly.

I do not, however, understand this code, or what it does...I merely logged this issue to make sure it didn't get lost. I'm not against working up a patch (I can) - but I am just a bit worried about causing some other unforeseen side effect.
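
Added example (not part of the bug thread and not NSS code): a portable stand-in for getdtablesize() built on sysconf(_SC_OPEN_MAX), covering the case where sysconf returns -1 because the limit is indeterminate or the query failed. The function names and the FD_FALLBACK and FD_CEILING constants are hypothetical choices made for this illustration.

```c
/* Added example: replace getdtablesize() with POSIX calls only. */
#include <stdio.h>
#include <sys/resource.h>
#include <unistd.h>

/* Assumed defaults for this example; neither value comes from the bug. */
#define FD_FALLBACK 256L   /* used when no finite limit is reported */
#define FD_CEILING  65536L /* keeps the result usable as a loop bound */

/* Pure helper: pick a table size from the raw results of both queries. */
static long pick_fd_limit(long sc_open_max, int have_rlim, rlim_t rlim_cur)
{
    long n = sc_open_max;

    if (n <= 0) {
        /* sysconf() returns -1 both on error and when the limit is
         * indeterminate, so fall back to the soft RLIMIT_NOFILE value. */
        if (have_rlim && rlim_cur != RLIM_INFINITY && rlim_cur > 0)
            n = rlim_cur > (rlim_t)FD_CEILING ? FD_CEILING : (long)rlim_cur;
        else
            n = FD_FALLBACK;
    }
    /* An "unlimited" or very large value must not become the bound of a
     * per-descriptor loop, so clamp it. */
    return n > FD_CEILING ? FD_CEILING : n;
}

/* Drop-in for getdtablesize(): always returns a positive, bounded count. */
long fd_table_size(void)
{
    struct rlimit rl;
    long sc = sysconf(_SC_OPEN_MAX);
    int have_rlim = (getrlimit(RLIMIT_NOFILE, &rl) == 0);

    return pick_fd_limit(sc, have_rlim, have_rlim ? rl.rlim_cur : 0);
}

int main(void)
{
    printf("descriptor table size: %ld\n", fd_table_size());
    return 0;
}
```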

(In reply to Ryan Sleevi from comment #3)
> ... Or just remove all of the code for handling systems without a meaningful
> /dev/urandom

There's discussion about that netstat-reading code's usefulness in bug 51429.
Bug 51429 comment 78 points to filing a new bug to remove that code completely; I don't think that bug was ever filed. 9 years later, sounds like this could be this bug.

Bug 889116 is mostly that bug. The question is whether there is any NSS platform actively maintained that doesn't support /dev/urandom; at this point, I don't believe so?

We could take this to nss-dev@ as a possible agenda item for the next call.

No longer uses getdtablesize by bug 1346735
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 1346735