diff options
author | android-build-team Robot <android-build-team-robot@google.com> | 2018-10-02 22:07:44 +0000 |
---|---|---|
committer | android-build-team Robot <android-build-team-robot@google.com> | 2018-10-02 22:07:44 +0000 |
commit | 38dedefe66680a4ff865ef5a33e1725e53fb3abb (patch) | |
tree | 1fc465374879a38ef7b2a0d8e7af92f70dabf810 | |
parent | 98cf6e66aabb931334f01118c87799f81d04a032 (diff) | |
parent | 41f76a6311dada02120693206cb8e2e411f7ce29 (diff) | |
download | platform_external_python_cpython2-38dedefe66680a4ff865ef5a33e1725e53fb3abb.tar.gz platform_external_python_cpython2-38dedefe66680a4ff865ef5a33e1725e53fb3abb.tar.bz2 platform_external_python_cpython2-38dedefe66680a4ff865ef5a33e1725e53fb3abb.zip |
Snap for 5044688 from 41f76a6311dada02120693206cb8e2e411f7ce29 to pi-qpr2-releaseandroid-9.0.0_r35android-9.0.0_r34android-9.0.0_r33android-9.0.0_r32android-9.0.0_r31pie-qpr2-release
Change-Id: I3103d9aaa0a94e1a07d05e3878f3cb6f0cca4ca7
-rw-r--r-- | Modules/expat/xmlparse.c | 59 |
1 files changed, 47 insertions, 12 deletions
diff --git a/Modules/expat/xmlparse.c b/Modules/expat/xmlparse.c index 412838794d..3f0939e88d 100644 --- a/Modules/expat/xmlparse.c +++ b/Modules/expat/xmlparse.c @@ -2,6 +2,20 @@ See the file COPYING for copying permission. */ +#include <stddef.h> +#include <stdint.h> +#include <string.h> /* memset(), memcpy() */ +#include <assert.h> +#include <limits.h> /* UINT_MAX */ + +#ifdef COMPILED_FROM_DSP +#define getpid GetCurrentProcessId +#else +#include <sys/time.h> /* gettimeofday() */ +#include <sys/types.h> /* getpid() */ +#include <unistd.h> /* getpid() */ +#endif + #define XML_BUILDING_EXPAT 1 #ifdef COMPILED_FROM_DSP @@ -16,12 +30,6 @@ #include <expat_config.h> #endif /* ndef COMPILED_FROM_DSP */ -#include <stddef.h> -#include <string.h> /* memset(), memcpy() */ -#include <assert.h> -#include <limits.h> /* UINT_MAX */ -#include <time.h> /* time() */ - #include "ascii.h" #include "expat.h" @@ -432,7 +440,7 @@ static ELEMENT_TYPE * getElementType(XML_Parser parser, const ENCODING *enc, const char *ptr, const char *end); -static unsigned long generate_hash_secret_salt(void); +static unsigned long generate_hash_secret_salt(XML_Parser parser); static XML_Bool startParsing(XML_Parser parser); static XML_Parser @@ -691,11 +699,38 @@ static const XML_Char implicitContext[] = { }; static unsigned long -generate_hash_secret_salt(void) +gather_time_entropy(void) +{ +#ifdef COMPILED_FROM_DSP + FILETIME ft; + GetSystemTimeAsFileTime(&ft); /* never fails */ + return ft.dwHighDateTime ^ ft.dwLowDateTime; +#else + struct timeval tv; + int gettimeofday_res; + + gettimeofday_res = gettimeofday(&tv, NULL); + assert (gettimeofday_res == 0); + + /* Microseconds time is <20 bits entropy */ + return tv.tv_usec; +#endif +} + +static unsigned long +generate_hash_secret_salt(XML_Parser parser) { - unsigned int seed = time(NULL) % UINT_MAX; - srand(seed); - return rand(); + /* Process ID is 0 bits entropy if attacker has local access + * XML_Parser address is few bits of entropy if attacker has local access */ + const unsigned long entropy = + gather_time_entropy() ^ getpid() ^ (uintptr_t)parser; + + /* Factors are 2^31-1 and 2^61-1 (Mersenne primes M31 and M61) */ + if (sizeof(unsigned long) == 4) { + return entropy * 2147483647; + } else { + return entropy * 2305843009213693951; + } } static XML_Bool /* only valid for root parser */ @@ -703,7 +738,7 @@ startParsing(XML_Parser parser) { /* hash functions must be initialized before setContext() is called */ if (hash_secret_salt == 0) - hash_secret_salt = generate_hash_secret_salt(); + hash_secret_salt = generate_hash_secret_salt(parser); if (ns) { /* implicit context only set for root parser, since child parsers (i.e. external entity parsers) will inherit it |