This allows to fix CVE-2017-2625 on Linux platforms without pulling in
libbsd.
The syscall getrandom is available since kernel v3.17. The code first
tries to use the syscall on a supported kernel. If the syscall fails,
it falls back to the current (vulnerable) code.
We do not implement the glibc getrandom() call given that it's only
available in glibc 2.25, and the #if dance is already messy here.
Signed-off-by: Benjamin Tissoires <benjamin.tissoi...@gmail.com>
---
Key.c | 12 ++++++++++++
configure.ac | 3 +++
2 files changed, 15 insertions(+)
diff --git a/Key.c b/Key.c
index a09b316..61b07db 100644
--- a/Key.c
+++ b/Key.c
@@ -36,6 +36,10 @@ in this Software without prior written authorization from
The Open Group.
#include <bsd/stdlib.h> /* for arc4random_buf() */
#endif
+#if HAVE_DECL_SYS_GETRANDOM
+#include <sys/syscall.h> /* for SYS_getrandom */
+#endif
+
#ifndef HAVE_ARC4RANDOM_BUF
static void
getbits (long data, unsigned char *dst)
@@ -68,6 +72,14 @@ XdmcpGenerateKey (XdmAuthKeyPtr key)
#ifndef HAVE_ARC4RANDOM_BUF
long lowbits, highbits;
+#if HAVE_DECL_SYS_GETRANDOM
+ int ret;
+
+ ret = syscall(SYS_getrandom, key->data, 8, 0);
+ if (ret == 8)
+ return;
+#endif
+
srandom ((int)getpid() ^ time((Time_t *)0));
lowbits = random ();
highbits = random ();
diff --git a/configure.ac b/configure.ac
index 2288502..d0d4d05 100644
--- a/configure.ac
+++ b/configure.ac
@@ -63,6 +63,9 @@ case $host_os in
;;
esac
+# Checks for syscalls
+AC_CHECK_DECLS([SYS_getrandom], [], [], [[#include <sys/syscall.h>]])
+
# Checks for library functions.
AC_CHECK_LIB([bsd], [arc4random_buf])
AC_CHECK_FUNCS([srand48 lrand48 arc4random_buf])
--
2.9.3
_______________________________________________
xorg-devel@lists.x.org: X.Org development
Archives: http://lists.x.org/archives/xorg-devel
Info: https://lists.x.org/mailman/listinfo/xorg-devel
