Call abort() if NSS cannot read from /dev/urandom.

patches/nss-urandom-abort.patch

Index: patches/nss-urandom-abort.patch
===================================================================
--- patches/nss-urandom-abort.patch	(revision 0)
+++ patches/nss-urandom-abort.patch	(revision 0)
@@ -0,0 +1,50 @@
+Index: nss/lib/freebl/unix_rand.c
+===================================================================
+--- nss/lib/freebl/unix_rand.c	(revision 204056)
++++ nss/lib/freebl/unix_rand.c	(working copy)
+@@ -918,6 +918,16 @@
+     || defined(HPUX)
+     if (bytes)
+         return;
++
++    /*
++     * Modified to abort the process if it failed to read from /dev/urandom.
++     *
++     * See crbug.com/244661 for details.
++     */
++    fprintf(stderr, "[ERROR:%s(%d)] NSS failed to read from /dev/urandom. "
++            "Abort process.\n", __FILE__, __LINE__);
++    fflush(stderr);
++    abort();
+ #endif
+ 
+ #ifdef SOLARIS
+@@ -968,9 +978,8 @@
+     /* suppress valgrind warnings due to holes in struct stat */
+     memset(&stat_buf, 0, sizeof(stat_buf));
+ 
+-    if (stat((char *)fileName, &stat_buf) < 0)
+-	return fileBytes;
+-    RNG_RandomUpdate(&stat_buf, sizeof(stat_buf));
++    if (stat((char *)fileName, &stat_buf) == 0)
++	RNG_RandomUpdate(&stat_buf, sizeof(stat_buf));
+     
+     file = fopen((char *)fileName, "r");
+     if (file != NULL) {
+@@ -1132,7 +1141,15 @@
+ 
+     file = fopen("/dev/urandom", "r");
+     if (file == NULL) {
+-	return rng_systemFromNoise(dest, maxLen);
++	/*
++	 * Modified to abort the process if it failed to read from /dev/urandom.
++	 *
++	 * See crbug.com/244661 for details.
++	 */
++	fprintf(stderr, "[ERROR:%s(%d)] NSS failed to read from /dev/urandom. "
++			"Abort process.\n", __FILE__, __LINE__);
++	fflush(stderr);
++	abort();
+     }
+     while (maxLen > fileBytes) {
+ 	bytes = maxLen - fileBytes;