Attachment #731000 for bug #1025084

View | Details | Raw Unified | Return to bug 1025084
Collapse All | Expand All

Lines 134-140 AM_CONDITIONAL(SPECIAL_DTRACE_OBJECTS, [ Link Here

(-)xorg-server-1.18.3/configure.ac (-2 / +2 lines)
134	AC_HEADER_DIRENT	134	AC_HEADER_DIRENT
135	AC_HEADER_STDC	135	AC_HEADER_STDC
136	AC_CHECK_HEADERS([fcntl.h stdlib.h string.h unistd.h dlfcn.h stropts.h \	136	AC_CHECK_HEADERS([fcntl.h stdlib.h string.h unistd.h dlfcn.h stropts.h \
137	fnmatch.h sys/mkdev.h sys/utsname.h])	137	fnmatch.h sys/mkdev.h sys/utsname.h sys/syscall.h])
138		138
139	dnl Checks for typedefs, structures, and compiler characteristics.	139	dnl Checks for typedefs, structures, and compiler characteristics.
140	AC_C_CONST	140	AC_C_CONST
Lines 224-230 AC_REPLACE_FUNCS([reallocarray strcasecm Link Here
224	timingsafe_memcmp])	224	timingsafe_memcmp])
225		225
226	AC_CHECK_LIB([bsd], [arc4random_buf])	226	AC_CHECK_LIB([bsd], [arc4random_buf])
227	AC_CHECK_FUNCS([arc4random_buf])	227	AC_CHECK_FUNCS([arc4random_buf getentropy])
228		228
229	AC_CHECK_DECLS([program_invocation_short_name], [], [], [[#include <errno.h>]])	229	AC_CHECK_DECLS([program_invocation_short_name], [], [], [[#include <errno.h>]])
230		230

Lines 161-166 Link Here

(-)xorg-server-1.18.3/include/dix-config.h.in (+6 lines)
161	/* Define to 1 if you have the `arc4random_buf' function. */	161	/* Define to 1 if you have the `arc4random_buf' function. */
162	#undef HAVE_ARC4RANDOM_BUF	162	#undef HAVE_ARC4RANDOM_BUF
163		163
		164	/* Define to 1 if you have the `getentropy' function. */
		165	#undef HAVE_GETENTROPY
		166
164	/* Define to use libc SHA1 functions */	167	/* Define to use libc SHA1 functions */
165	#undef HAVE_SHA1_IN_LIBC	168	#undef HAVE_SHA1_IN_LIBC
166		169
Lines 238-243 Link Here
238	/* Define to 1 if you have the <sys/utsname.h> header file. */	241	/* Define to 1 if you have the <sys/utsname.h> header file. */
239	#undef HAVE_SYS_UTSNAME_H	242	#undef HAVE_SYS_UTSNAME_H
240		243
		244	/* Define to 1 if you have the <sys/syscall.h> header file. */
		245	#undef HAVE_SYS_SYSCALL_H
		246
241	/* Define to 1 if you have the `timingsafe_memcmp' function. */	247	/* Define to 1 if you have the `timingsafe_memcmp' function. */
242	#undef HAVE_TIMINGSAFE_MEMCMP	248	#undef HAVE_TIMINGSAFE_MEMCMP
243		249

Lines 48-53 from The Open Group. Link Here

(-)xorg-server-1.18.3/os/auth.c (-5 / +130 lines)
48	#ifdef HAVE_LIBBSD	48	#ifdef HAVE_LIBBSD
49	#include <bsd/stdlib.h> /* for arc4random_buf() */	49	#include <bsd/stdlib.h> /* for arc4random_buf() */
50	#endif	50	#endif
		51	#include <errno.h>
		52	#ifdef HAVE_SYS_SYSCALL_H
		53	#include <syscall.h>
		54	#endif
51		55
52	struct protocol {	56	struct protocol {
53	unsigned short name_length;	57	unsigned short name_length;
Lines 302-319 GenerateAuthorization(unsigned name_leng Link Here
302	return -1;	306	return -1;
303	}	307	}
304		308
		309	#if ! defined(HAVE_ARC4RANDOM_BUF)
		310
		311	// fallback function to get random data directly from /dev/urandom
		312
		313	static int
		314	GetUrandom ( char *buffer, size_t length )
		315	{
		316	int random_fd = -1;
		317	int res = -1;
		318	size_t filled = 0;
		319
		320	// larger requests are typically rejected by getentropy() / getrandom()
		321	// because they could block or return partially filled buffers
		322	if( length > 256 ) {
		323	errno = EIO;
		324	return -1;
		325	}
		326
		327	random_fd = open("/dev/urandom", O_RDONLY \| O_CLOEXEC);
		328
		329	if( random_fd == -1 ) {
		330	return -1;
		331	}
		332
		333	while( filled < length ) {
		334	res = read(random_fd, (char*)buffer + filled, length - filled);
		335
		336	if( res == -1 ) {
		337	// shouldn't actually happen acc. to man(4) random,
		338	// but you never know
		339	if( errno == EINTR ) {
		340	continue;
		341	}
		342
		343	close(random_fd);
		344	return -1;
		345	}
		346	else if( res == 0 ) {
		347	// no more bytes available? should not happen
		348	errno = EIO;
		349	close(random_fd);
		350	return -1;
		351	}
		352
		353	filled += res;
		354	}
		355
		356	close(random_fd);
		357	return 0;
		358	}
		359
		360	#endif // ! defined(HAVE_ARC4RANDOM_BUF)
		361
		362	#if !defined(HAVE_GETENTROPY) && defined(HAVE_SYS_SYSCALL_H) && defined(SYS_getrandom)
		363	# define TRY_GETRANDOM
		364	#endif
		365
		366	#ifdef TRY_GETRANDOM
		367
		368	/*
		369	* wrapper for the getrandom() syscall which was for a long time implemented
		370	* in the Linux kernel, but not wrapped in glibc
		371	*/
		372	static int
373	GetRandom ( char *buffer, size_t length )
374	{
375	int res;
376	size_t filled = 0;
377
378	// larger requests are typically rejected by getentropy() / getrandom()
379	// because they could block or return partially filled buffers
380	if( length > 256 )
381	{
382	errno = EIO;
383	return -1;
384	}
385
386	while( filled < length )
387	{
388	/*
389	* glibc does not contain a syscall wrapper for this in older
390	* versions
391	*/
392	res = syscall(SYS_getrandom, (char*)buffer + filled, length - filled, 0);
393
394	if( res == -1 )
395	{
396	if( errno == EINTR ) {
397	continue;
398	}
399
400	return -1;
401	}
402	else if( res == 0 )
403	{
404	// no more bytes available? should not happen
405	errno = EIO;
406	return -1;
407	}
408
409	filled += res;
410	}
411
412	return 0;
413	}
414
415	#endif /* TRY_GETRANDOM */
416
305	void	417	void
306	GenerateRandomData(int len, char *buf)	418	GenerateRandomData(int len, char *buf)
307	{	419	{
308	#ifdef HAVE_ARC4RANDOM_BUF	420	#ifdef HAVE_ARC4RANDOM_BUF
309	arc4random_buf(buf, len);	421	arc4random_buf(buf, len);
310	#else	422	#else
311	int fd;	423	int ret = -1;
		424	# ifdef HAVE_GETENTROPY
		425	/* use getentropy instead */
		426	ret = getentropy (auth, len);
		427	# elif defined(TRY_GETRANDOM)
		428	/* try getrandom() wrapper */
		429	ret = GetRandom(buf, len);
		430	# endif
		431
		432	if( ret == -1 ) {
		433	// fallback to manual reading of /dev/urandom
		434	ret = GetUrandom(buf, len);
		435	}
312		436
313	fd = open("/dev/urandom", O_RDONLY);	437	if( ret == -1 ) {
314	read(fd, buf, len);	438	// no error return possible, rather abort than have security problems
315	close(fd);	439	OsAbort();
316	#endif	440	}
		441	#endif // HAVE_ARC4RANDOM_BUF
317	}	442	}
318		443
319	#endif /* XCSECURITY */	444	#endif /* XCSECURITY */

Return to bug 1025084