[PATCH libICE v2] Use getentropy() if arc4random_buf() is not available

Peter Hutterer peter.hutterer at who-t.net
Mon Apr 24 01:10:23 UTC 2017


On Sat, Apr 22, 2017 at 05:44:18PM -0700, Alan Coopersmith wrote:
> On 04/ 4/17 10:12 AM, Benjamin Tissoires wrote:
> > This allows fixing CVE-2017-2626 on Linux platforms without pulling in
> > libbsd.
> > The libc getentropy() is available since glibc 2.25 but also on OpenBSD.
> > For Linux, we need at least a v3.17 kernel. If the recommended
> > arc4random_buf() function is not available, emulate it by first trying
> > to use getentropy() on a supported glibc and kernel. If the call fails,
> > fall back to the current (partly vulnerable) code.
> > 
> > Signed-off-by: Benjamin Tissoires <benjamin.tissoires at gmail.com>
> > 
> > ---
> > 
> > changes in v2:
> > - use the getentropy() from glibc, not the plain syscall
> > - make it clear that arc4random_buf() should be preferred and that we
> >   are only adding band-aids on top of the missing function
> 
> Reviewed-by: Alan Coopersmith <alan.coopersmith at oracle.com>

Thanks

   1746abb..ff5e59f  master -> master

Cheers,
   Peter
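
The commit message above describes trying getentropy() when arc4random_buf() is missing and falling back only if the call fails. The following is an added example, not code from the libICE patch: it shows that getentropy() step with the 256-byte per-call limit handled and failure reported to the caller. The names fill_from_getentropy and make_cookie_hex are hypothetical, and it assumes glibc 2.25 or later on a Linux 3.17+ kernel (or OpenBSD).

```c
#include <stddef.h>
#include <stdio.h>
#include <unistd.h>   /* getentropy(): glibc >= 2.25, OpenBSD */

#define ENTROPY_CHUNK 256  /* getentropy() fails for requests above 256 bytes */

/* Hypothetical helper: fill buf with len bytes from the kernel CSPRNG.
 * Returns 0 on success, -1 (errno set) if getentropy() is unusable,
 * e.g. ENOSYS on a Linux kernel older than 3.17. */
int fill_from_getentropy(unsigned char *buf, size_t len)
{
    while (len > 0) {
        size_t n = len < ENTROPY_CHUNK ? len : ENTROPY_CHUNK;
        if (getentropy(buf, n) != 0)
            return -1;          /* caller decides on the fallback */
        buf += n;
        len -= n;
    }
    return 0;
}

/* Hypothetical helper: generate nbytes of random data and hex-encode it
 * into out (out must hold 2*nbytes+1 chars). Returns 0 on success,
 * -1 if nbytes exceeds the local buffer or no entropy was obtained. */
int make_cookie_hex(char *out, size_t nbytes)
{
    static const char hex[] = "0123456789abcdef";
    unsigned char raw[64];
    if (nbytes > sizeof raw || fill_from_getentropy(raw, nbytes) != 0)
        return -1;
    for (size_t i = 0; i < nbytes; i++) {
        out[2 * i]     = hex[raw[i] >> 4];
        out[2 * i + 1] = hex[raw[i] & 0x0f];
    }
    out[2 * nbytes] = '\0';
    return 0;
}

int main(void)
{
    char cookie[33];            /* 16 random bytes as 32 hex digits */
    if (make_cookie_hex(cookie, 16) != 0) {
        perror("getentropy");   /* a real caller would fall back here */
        return 1;
    }
    printf("%s\n", cookie);
    return 0;
}
```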

