rpms / libXdmcp

Clone
Source Code
GIT

Blame 0001-Use-getentropy-if-arc4random_buf-is-not-available.patch

f10 f11 f12 f13 f14 f15 f16 f17 f18 f19 f20 f21 f22 f23 f24 f25 f26 f27 f28 f29 f30 f31 f32 f33 f34 f35 f36 f37 f38 f39 f40 f7 f8 f9 main rawhide
  1.   c5f7dee5d7cd3918ccb258efd68c14c76dd39a72
  2.   0001-Use-getentropy-if-arc4random_buf-is-not-available.patch
Blob History Raw
Benjamin Tissoires c5f7dee 
From 0554324ec6bbc2071f5d1f8ad211a1643e29eb1f Mon Sep 17 00:00:00 2001
Benjamin Tissoires c5f7dee 
From: Benjamin Tissoires <benjamin.tissoires@gmail.com>
Benjamin Tissoires c5f7dee 
Date: Tue, 4 Apr 2017 19:13:38 +0200
Benjamin Tissoires c5f7dee 
Subject: [PATCH libXdmcp 1/3] Use getentropy() if arc4random_buf() is not
Benjamin Tissoires c5f7dee 
 available
Benjamin Tissoires c5f7dee
Benjamin Tissoires c5f7dee 
This allows to fix CVE-2017-2625 on Linux platforms without pulling in
Benjamin Tissoires c5f7dee 
libbsd.
Benjamin Tissoires c5f7dee 
The libc getentropy() is available since glibc 2.25 but also on OpenBSD.
Benjamin Tissoires c5f7dee 
For Linux, we need at least a v3.17 kernel. If the recommended
Benjamin Tissoires c5f7dee 
arc4random_buf() function is not available, emulate it by first trying
Benjamin Tissoires c5f7dee 
to use getentropy() on a supported glibc and kernel. If the call fails,
Benjamin Tissoires c5f7dee 
fall back to the current (vulnerable) code.
Benjamin Tissoires c5f7dee
Benjamin Tissoires c5f7dee 
Signed-off-by: Benjamin Tissoires <benjamin.tissoires@gmail.com>
Benjamin Tissoires c5f7dee 
Reviewed-by: Mark Kettenis <kettenis@openbsd.org>
Benjamin Tissoires c5f7dee 
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Benjamin Tissoires c5f7dee 
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Benjamin Tissoires c5f7dee 
---
Benjamin Tissoires c5f7dee 
 Key.c        | 31 ++++++++++++++++++++++++++-----
Benjamin Tissoires c5f7dee 
 configure.ac |  2 +-
Benjamin Tissoires c5f7dee 
 2 files changed, 27 insertions(+), 6 deletions(-)
Benjamin Tissoires c5f7dee
Benjamin Tissoires c5f7dee 
diff --git a/Key.c b/Key.c
Benjamin Tissoires c5f7dee 
index a09b316..70607d0 100644
Benjamin Tissoires c5f7dee 
--- a/Key.c
Benjamin Tissoires c5f7dee 
+++ b/Key.c
Benjamin Tissoires c5f7dee 
@@ -62,10 +62,11 @@ getbits (long data, unsigned char *dst)
Benjamin Tissoires c5f7dee 
 #define getpid(x) _getpid(x)
Benjamin Tissoires c5f7dee 
 #endif
Benjamin Tissoires c5f7dee
Benjamin Tissoires c5f7dee 
-void
Benjamin Tissoires c5f7dee 
-XdmcpGenerateKey (XdmAuthKeyPtr key)
Benjamin Tissoires c5f7dee 
-{
Benjamin Tissoires c5f7dee 
 #ifndef HAVE_ARC4RANDOM_BUF
Benjamin Tissoires c5f7dee 
+
Benjamin Tissoires c5f7dee 
+static void
Benjamin Tissoires c5f7dee 
+emulate_getrandom_buf (char *auth, int len)
Benjamin Tissoires c5f7dee 
+{
Benjamin Tissoires c5f7dee 
     long    lowbits, highbits;
Benjamin Tissoires c5f7dee
Benjamin Tissoires c5f7dee 
     srandom ((int)getpid() ^ time((Time_t *)0));
Benjamin Tissoires c5f7dee 
@@ -73,9 +74,29 @@ XdmcpGenerateKey (XdmAuthKeyPtr key)
Benjamin Tissoires c5f7dee 
     highbits = random ();
Benjamin Tissoires c5f7dee 
     getbits (lowbits, key->data);
Benjamin Tissoires c5f7dee 
     getbits (highbits, key->data + 4);
Benjamin Tissoires c5f7dee 
-#else
Benjamin Tissoires c5f7dee 
+}
Benjamin Tissoires c5f7dee 
+
Benjamin Tissoires c5f7dee 
+static void
Benjamin Tissoires c5f7dee 
+arc4random_buf (void *auth, int len)
Benjamin Tissoires c5f7dee 
+{
Benjamin Tissoires c5f7dee 
+    int	    ret;
Benjamin Tissoires c5f7dee 
+
Benjamin Tissoires c5f7dee 
+#if HAVE_GETENTROPY
Benjamin Tissoires c5f7dee 
+    /* weak emulation of arc4random through the getentropy libc call */
Benjamin Tissoires c5f7dee 
+    ret = getentropy (auth, len);
Benjamin Tissoires c5f7dee 
+    if (ret == 0)
Benjamin Tissoires c5f7dee 
+	return;
Benjamin Tissoires c5f7dee 
+#endif /* HAVE_GETENTROPY */
Benjamin Tissoires c5f7dee 
+
Benjamin Tissoires c5f7dee 
+    emulate_getrandom_buf (auth, len);
Benjamin Tissoires c5f7dee 
+}
Benjamin Tissoires c5f7dee 
+
Benjamin Tissoires c5f7dee 
+#endif /* !defined(HAVE_ARC4RANDOM_BUF) */
Benjamin Tissoires c5f7dee 
+
Benjamin Tissoires c5f7dee 
+void
Benjamin Tissoires c5f7dee 
+XdmcpGenerateKey (XdmAuthKeyPtr key)
Benjamin Tissoires c5f7dee 
+{
Benjamin Tissoires c5f7dee 
     arc4random_buf(key->data, 8);
Benjamin Tissoires c5f7dee 
-#endif
Benjamin Tissoires c5f7dee 
 }
Benjamin Tissoires c5f7dee
Benjamin Tissoires c5f7dee 
 int
Benjamin Tissoires c5f7dee 
diff --git a/configure.ac b/configure.ac
Benjamin Tissoires c5f7dee 
index 2288502..d2b045d 100644
Benjamin Tissoires c5f7dee 
--- a/configure.ac
Benjamin Tissoires c5f7dee 
+++ b/configure.ac
Benjamin Tissoires c5f7dee 
@@ -65,7 +65,7 @@ esac
Benjamin Tissoires c5f7dee
Benjamin Tissoires c5f7dee 
 # Checks for library functions.
Benjamin Tissoires c5f7dee 
 AC_CHECK_LIB([bsd], [arc4random_buf])
Benjamin Tissoires c5f7dee 
-AC_CHECK_FUNCS([srand48 lrand48 arc4random_buf])
Benjamin Tissoires c5f7dee 
+AC_CHECK_FUNCS([srand48 lrand48 arc4random_buf getentropy])
Benjamin Tissoires c5f7dee
Benjamin Tissoires c5f7dee 
 # Obtain compiler/linker options for depedencies
Benjamin Tissoires c5f7dee 
 PKG_CHECK_MODULES(XDMCP, xproto)
Benjamin Tissoires c5f7dee 
--
Benjamin Tissoires c5f7dee 
2.9.3
Benjamin Tissoires c5f7dee
Powered by Pagure 5.13.3
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.