summaryrefslogtreecommitdiff
path: root/core/fxcrt/fx_random.cpp
diff options
context:
space:
mode:
authorTom Sepez <tsepez@chromium.org>2017-09-08 10:18:37 -0700
committerChromium commit bot <commit-bot@chromium.org>2017-09-08 17:37:10 +0000
commite8b3e0cdcea319abf82639edb5e074ff94c4d66c (patch)
treeef41a1e8955acd12d92d1635b5e35ff9914efb3d /core/fxcrt/fx_random.cpp
parent808b52ac76bb5d9ee3e6a8371ddab25f62c8ed51 (diff)
downloadpdfium-e8b3e0cdcea319abf82639edb5e074ff94c4d66c.tar.xz
Fix one-second spin in fx_random.cpp
Take seed generation logic from base's address_space_randomization.cc. One small tweak is to avoid the bottom three bits of a stack address and invert, to make leaking ASLR more difficult along the lines of the freelist masking in base's partition allocator. Another tweak is to mix in some more time-based information. Another tweak is to add in the times called so that rapid successive calls return different results. Bug: pdfium:891 Change-Id: I14238da15cee9c8d4ca72d79e4f7fbb26997c619 Reviewed-on: https://pdfium-review.googlesource.com/13490 Reviewed-by: Henrique Nakashima <hnakashima@chromium.org> Commit-Queue: Tom Sepez <tsepez@chromium.org>
Diffstat (limited to 'core/fxcrt/fx_random.cpp')
-rw-r--r--core/fxcrt/fx_random.cpp101
1 files changed, 46 insertions, 55 deletions
diff --git a/core/fxcrt/fx_random.cpp b/core/fxcrt/fx_random.cpp
index 866a7a97ef..483a56bbf4 100644
--- a/core/fxcrt/fx_random.cpp
+++ b/core/fxcrt/fx_random.cpp
@@ -19,86 +19,85 @@
#if _FXM_PLATFORM_ == _FXM_PLATFORM_WINDOWS_
#include <wincrypt.h>
#else // _FXM_PLATFORM_ == _FXM_PLATFORM_WINDOWS_
-#include <ctime>
+#include <sys/time.h>
+#include <unistd.h>
#endif // _FXM_PLATFORM_ == _FXM_PLATFORM_WINDOWS_
namespace {
struct MTContext {
- MTContext() {
- mti = MT_N + 1;
- bHaveSeed = false;
- }
-
uint32_t mti;
- bool bHaveSeed;
uint32_t mt[MT_N];
};
+bool g_bHaveGlobalSeed = false;
+uint32_t g_nGlobalSeed = 0;
+
#if _FXM_PLATFORM_ == _FXM_PLATFORM_WINDOWS_
-bool GenerateCryptoRandom(uint32_t* pBuffer, int32_t iCount) {
+bool GenerateSeedFromCryptoRandom(uint32_t* pSeed) {
HCRYPTPROV hCP = 0;
if (!::CryptAcquireContext(&hCP, nullptr, nullptr, PROV_RSA_FULL, 0) ||
!hCP) {
return false;
}
- ::CryptGenRandom(hCP, iCount * sizeof(uint32_t),
- reinterpret_cast<uint8_t*>(pBuffer));
+ ::CryptGenRandom(hCP, sizeof(uint32_t), reinterpret_cast<uint8_t*>(pSeed));
::CryptReleaseContext(hCP, 0);
return true;
}
#endif
-void Random_GenerateBase(uint32_t* pBuffer, int32_t iCount) {
+uint32_t GenerateSeedFromEnvironment() {
+ char c;
+ uintptr_t p = reinterpret_cast<uintptr_t>(&c);
+ uint32_t seed = ~static_cast<uint32_t>(p >> 3);
#if _FXM_PLATFORM_ == _FXM_PLATFORM_WINDOWS_
- SYSTEMTIME st1, st2;
- ::GetSystemTime(&st1);
- do {
- ::GetSystemTime(&st2);
- } while (memcmp(&st1, &st2, sizeof(SYSTEMTIME)) == 0);
- uint32_t dwHash1 =
- FX_HashCode_GetA(CFX_ByteStringC((uint8_t*)&st1, sizeof(st1)), true);
- uint32_t dwHash2 =
- FX_HashCode_GetA(CFX_ByteStringC((uint8_t*)&st2, sizeof(st2)), true);
- ::srand((dwHash1 << 16) | (uint32_t)dwHash2);
-#else
- time_t tmLast = time(nullptr);
- time_t tmCur;
- while ((tmCur = time(nullptr)) == tmLast)
- continue;
-
- ::srand((tmCur << 16) | (tmLast & 0xFFFF));
-#endif
- while (iCount-- > 0)
- *pBuffer++ = static_cast<uint32_t>((::rand() << 16) | (::rand() & 0xFFFF));
+ SYSTEMTIME st;
+ GetSystemTime(&st);
+ seed ^= static_cast<uint32_t>(st.wSecond) * 1000000;
+ seed ^= static_cast<uint32_t>(st.wMilliseconds) * 1000;
+ seed ^= GetCurrentProcessId();
+#else // _FXM_PLATFORM_ == _FXM_PLATFORM_WINDOWS_
+ struct timeval tv;
+ gettimeofday(&tv, 0);
+ seed ^= static_cast<uint32_t>(tv.tv_sec) * 1000000;
+ seed ^= static_cast<uint32_t>(tv.tv_usec);
+ seed ^= static_cast<uint32_t>(getpid());
+#endif // _FXM_PLATFORM_ == _FXM_PLATFORM_WINDOWS_
+ return seed;
+}
+
+void* ContextFromNextGlobalSeed() {
+ if (!g_bHaveGlobalSeed) {
+#if _FXM_PLATFORM_ == _FXM_PLATFORM_WINDOWS_
+ if (!GenerateSeedFromCryptoRandom(&g_nGlobalSeed))
+ g_nGlobalSeed = GenerateSeedFromEnvironment();
+#else // _FXM_PLATFORM_ == _FXM_PLATFORM_WINDOWS_
+ g_nGlobalSeed = GenerateSeedFromEnvironment();
+#endif // _FXM_PLATFORM_ == _FXM_PLATFORM_WINDOWS_
+ g_bHaveGlobalSeed = true;
+ }
+ return FX_Random_MT_Start(++g_nGlobalSeed);
}
} // namespace
void* FX_Random_MT_Start(uint32_t dwSeed) {
MTContext* pContext = FX_Alloc(MTContext, 1);
- pContext->mt[0] = dwSeed;
- uint32_t& i = pContext->mti;
uint32_t* pBuf = pContext->mt;
- for (i = 1; i < MT_N; i++)
+ pBuf[0] = dwSeed;
+ for (uint32_t i = 1; i < MT_N; i++)
pBuf[i] = (1812433253UL * (pBuf[i - 1] ^ (pBuf[i - 1] >> 30)) + i);
- pContext->bHaveSeed = true;
+ pContext->mti = MT_N;
return pContext;
}
uint32_t FX_Random_MT_Generate(void* pContext) {
- ASSERT(pContext);
-
MTContext* pMTC = static_cast<MTContext*>(pContext);
- uint32_t v;
- static uint32_t mag[2] = {0, MT_Matrix_A};
- uint32_t& mti = pMTC->mti;
uint32_t* pBuf = pMTC->mt;
- if ((int)mti < 0 || mti >= MT_N) {
- if (mti > MT_N && !pMTC->bHaveSeed)
- return 0;
-
+ uint32_t v;
+ if (pMTC->mti >= MT_N) {
+ static const uint32_t mag[2] = {0, MT_Matrix_A};
uint32_t kk;
for (kk = 0; kk < MT_N - MT_M; kk++) {
v = (pBuf[kk] & MT_Upper_Mask) | (pBuf[kk + 1] & MT_Lower_Mask);
@@ -110,9 +109,9 @@ uint32_t FX_Random_MT_Generate(void* pContext) {
}
v = (pBuf[MT_N - 1] & MT_Upper_Mask) | (pBuf[0] & MT_Lower_Mask);
pBuf[MT_N - 1] = pBuf[MT_M - 1] ^ (v >> 1) ^ mag[v & 1];
- mti = 0;
+ pMTC->mti = 0;
}
- v = pBuf[mti++];
+ v = pBuf[pMTC->mti++];
v ^= (v >> 11);
v ^= (v << 7) & 0x9d2c5680UL;
v ^= (v << 15) & 0xefc60000UL;
@@ -121,19 +120,11 @@ uint32_t FX_Random_MT_Generate(void* pContext) {
}
void FX_Random_MT_Close(void* pContext) {
- ASSERT(pContext);
FX_Free(pContext);
}
void FX_Random_GenerateMT(uint32_t* pBuffer, int32_t iCount) {
- uint32_t dwSeed;
-#if _FXM_PLATFORM_ == _FXM_PLATFORM_WINDOWS_
- if (!GenerateCryptoRandom(&dwSeed, 1))
- Random_GenerateBase(&dwSeed, 1);
-#else
- Random_GenerateBase(&dwSeed, 1);
-#endif
- void* pContext = FX_Random_MT_Start(dwSeed);
+ void* pContext = ContextFromNextGlobalSeed();
while (iCount-- > 0)
*pBuffer++ = FX_Random_MT_Generate(pContext);