[PATCH libXdmcp] Use getrandom() syscall if available
Benjamin Tissoires
benjamin.tissoires at gmail.com
Mon Apr 3 15:30:00 UTC 2017
On Mon, Apr 3, 2017 at 3:17 PM, walter harms <wharms at bfs.de> wrote:
>
>
> On 03.04.2017 14:52, Benjamin Tissoires wrote:
>> This allows fixing CVE-2017-2625 on Linux platforms without pulling in
>> libbsd.
>> The syscall getrandom is available since kernel v3.17. The code first
>> tries to use the syscall on a supported kernel. If the syscall fails,
>> it falls back to the current (vulnerable) code.
>> We do not implement the glibc getrandom() call given that it's only
>> available in glibc 2.25, and the #if dance is already messy here.
>>
>> Signed-off-by: Benjamin Tissoires <benjamin.tissoires at gmail.com>
>> ---
>> Key.c | 12 ++++++++++++
>> configure.ac | 3 +++
>> 2 files changed, 15 insertions(+)
>>
>> diff --git a/Key.c b/Key.c
>> index a09b316..61b07db 100644
>> --- a/Key.c
>> +++ b/Key.c
>> @@ -36,6 +36,10 @@ in this Software without prior written authorization from The Open Group.
>> #include <bsd/stdlib.h> /* for arc4random_buf() */
>> #endif
>>
>> +#if HAVE_DECL_SYS_GETRANDOM
>> +#include <sys/syscall.h> /* for SYS_getrandom */
>> +#endif
>> +
>> #ifndef HAVE_ARC4RANDOM_BUF
>> static void
>> getbits (long data, unsigned char *dst)
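Review bot: the new #include <sys/syscall.h> block sits outside the #ifndef HAVE_ARC4RANDOM_BUF guard that opens directly after it, while the syscall is only used inside that guard in XdmcpGenerateKey. Moving the include under the same condition keeps it out of builds that use arc4random_buf. Also, syscall() itself is declared in <unistd.h>, which this hunk does not show being included, so it is worth confirming Key.c already pulls it in.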
>> @@ -68,6 +72,14 @@ XdmcpGenerateKey (XdmAuthKeyPtr key)
>> #ifndef HAVE_ARC4RANDOM_BUF
>> long lowbits, highbits;
>>
>> +#if HAVE_DECL_SYS_GETRANDOM
>> + int ret;
>> +
>> + ret = syscall(SYS_getrandom, key->data, 8, 0);
>> + if (ret == 8)
>> + return;
>> +#endif
>> +
>
> I am not an expert on syscalls, but would it help to test for
> SYS_getrandom directly?
I am not sure I fully understand you. Are you suggesting to remove the
'ret' variable?
Cheers,
Benjamin
>
> re,
> wh
>
>
>> srandom ((int)getpid() ^ time((Time_t *)0));
>> lowbits = random ();
>> highbits = random ();
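Review bot: when the syscall does not return 8, the code after "if (ret == 8) return;" drops silently into srandom((int)getpid() ^ time(...)), the path the commit message itself calls vulnerable, so a transient failure such as EINTR yields a predictable key with no indication that anything went wrong. Retry on EINTR before giving up, and consider logging or failing instead of degrading quietly. Two smaller points: syscall() returns long, so "ret" should be long rather than int, and the literal 8 appears twice where a named constant or the size of key->data would keep the request length and the check in step.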
>> diff --git a/configure.ac b/configure.ac
>> index 2288502..d0d4d05 100644
>> --- a/configure.ac
>> +++ b/configure.ac
>> @@ -63,6 +63,9 @@ case $host_os in
>> ;;
>> esac
>>
>> +# Checks for syscalls
>> +AC_CHECK_DECLS([SYS_getrandom], [], [], [[#include <sys/syscall.h>]])
>> +
>> # Checks for library functions.
>> AC_CHECK_LIB([bsd], [arc4random_buf])
>> AC_CHECK_FUNCS([srand48 lrand48 arc4random_buf])
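Review bot: AC_CHECK_DECLS([SYS_getrandom], ...) only shows that the build host's headers define the syscall number, not that the kernel the library later runs on implements it. A binary built against recent headers and run on a kernel older than v3.17 will see the syscall fail at run time. A short comment next to "# Checks for syscalls" saying that Key.c must keep a run-time fallback for this reason would prevent the fallback from being removed later as dead code.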