Tree - rpms/glibc - CentOS Git server

rpms / glibc

Files

Commit: 4027b92ea3560662d9b92969a4364d22d1c64b95

Blob Blame History Raw

 commit f430293d842031f2afc3013f156e1018065e480e
Author: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Date:   Tue Jan 12 09:17:09 2021 -0300
 
    posix: consume less entropy on tempname
    
    The first getrandom is used only for __GT_NOCREATE, which is inherently
    insecure and can use the entropy as a small improvement.  On the
    second and later attempts it might help against DoS attacks.
    
    It sync with gnulib commit 854fbb81d91f7a0f2b463e7ace2499dee2f380f2.
    
    Checked on x86_64-linux-gnu.
 
diff --git a/sysdeps/posix/tempname.c b/sysdeps/posix/tempname.c
index fcab9b26364021e4..3435c4bf75a01f42 100644
--- a/sysdeps/posix/tempname.c
+++ b/sysdeps/posix/tempname.c
@@ -22,6 +22,7 @@
 
 #include <sys/types.h>
 #include <assert.h>
+#include <stdbool.h>
 
 #include <errno.h>
 
@@ -79,11 +80,11 @@ typedef uint_fast64_t random_value;
 #define BASE_62_POWER (62LL * 62 * 62 * 62 * 62 * 62 * 62 * 62 * 62 * 62)
 
 static random_value
-random_bits (random_value var)
+random_bits (random_value var, bool use_getrandom)
 {
   random_value r;
   /* Without GRND_NONBLOCK it can be blocked for minutes on some systems.  */
-  if (__getrandom (&r, sizeof r, GRND_NONBLOCK) == sizeof r)
+  if (use_getrandom && __getrandom (&r, sizeof r, GRND_NONBLOCK) == sizeof r)
     return r;
 #if _LIBC || (defined CLOCK_MONOTONIC && HAVE_CLOCK_GETTIME)
   /* Add entropy if getrandom did not work.  */
@@ -271,6 +272,13 @@ try_tempname_len (char *tmpl, int suffixlen, void *args,
   /* How many random base-62 digits can currently be extracted from V.  */
   int vdigits = 0;
 
+  /* Whether to consume entropy when acquiring random bits.  On the
+     first try it's worth the entropy cost with __GT_NOCREATE, which
+     is inherently insecure and can use the entropy to make it a bit
+     less secure.  On the (rare) second and later attempts it might
+     help against DoS attacks.  */
+  bool use_getrandom = tryfunc == try_nocreate;
+
   /* Least unfair value for V.  If V is less than this, V can generate
      BASE_62_DIGITS digits fairly.  Otherwise it might be biased.  */
   random_value const unfair_min
@@ -294,7 +302,10 @@ try_tempname_len (char *tmpl, int suffixlen, void *args,
           if (vdigits == 0)
             {
               do
-                v = random_bits (v);
+                {
+                  v = random_bits (v, use_getrandom);
+                  use_getrandom = true;
+                }
               while (unfair_min <= v);
 
               vdigits = BASE_62_DIGITS;

	commit f430293d842031f2afc3013f156e1018065e480e
	Author: Adhemerval Zanella <adhemerval.zanella@linaro.org>
	Date: Tue Jan 12 09:17:09 2021 -0300

	posix: consume less entropy on tempname

	The first getrandom is used only for __GT_NOCREATE, which is inherently
	insecure and can use the entropy as a small improvement. On the
	second and later attempts it might help against DoS attacks.

	It sync with gnulib commit 854fbb81d91f7a0f2b463e7ace2499dee2f380f2.

	Checked on x86_64-linux-gnu.

	diff --git a/sysdeps/posix/tempname.c b/sysdeps/posix/tempname.c
	index fcab9b26364021e4..3435c4bf75a01f42 100644
	--- a/sysdeps/posix/tempname.c
	+++ b/sysdeps/posix/tempname.c
	@@ -22,6 +22,7 @@

	#include <sys/types.h>
	#include <assert.h>
	+#include <stdbool.h>

	#include <errno.h>

	@@ -79,11 +80,11 @@ typedef uint_fast64_t random_value;
	#define BASE_62_POWER (62LL * 62 * 62 * 62 * 62 * 62 * 62 * 62 * 62 * 62)

	static random_value
	-random_bits (random_value var)
	+random_bits (random_value var, bool use_getrandom)
	{
	random_value r;
	/* Without GRND_NONBLOCK it can be blocked for minutes on some systems. */
	- if (__getrandom (&r, sizeof r, GRND_NONBLOCK) == sizeof r)
	+ if (use_getrandom && __getrandom (&r, sizeof r, GRND_NONBLOCK) == sizeof r)
	return r;
	#if _LIBC \|\| (defined CLOCK_MONOTONIC && HAVE_CLOCK_GETTIME)
	/* Add entropy if getrandom did not work. */
	@@ -271,6 +272,13 @@ try_tempname_len (char tmpl, int suffixlen, void args,
	/* How many random base-62 digits can currently be extracted from V. */
	int vdigits = 0;

	+ /* Whether to consume entropy when acquiring random bits. On the
	+ first try it's worth the entropy cost with __GT_NOCREATE, which
	+ is inherently insecure and can use the entropy to make it a bit
	+ less secure. On the (rare) second and later attempts it might
	+ help against DoS attacks. */
	+ bool use_getrandom = tryfunc == try_nocreate;
	+
	/* Least unfair value for V. If V is less than this, V can generate
	BASE_62_DIGITS digits fairly. Otherwise it might be biased. */
	random_value const unfair_min
	@@ -294,7 +302,10 @@ try_tempname_len (char tmpl, int suffixlen, void args,
	if (vdigits == 0)
	{
	do
	- v = random_bits (v);
	+ {
	+ v = random_bits (v, use_getrandom);
	+ use_getrandom = true;
	+ }
	while (unfair_min <= v);

	vdigits = BASE_62_DIGITS;

rpms / glibc

Source Code

Files