diff options
author | Tom Sepez <tsepez@chromium.org> | 2017-09-08 10:18:37 -0700 |
---|---|---|
committer | Chromium commit bot <commit-bot@chromium.org> | 2017-09-08 17:37:10 +0000 |
commit | e8b3e0cdcea319abf82639edb5e074ff94c4d66c (patch) | |
tree | ef41a1e8955acd12d92d1635b5e35ff9914efb3d /core/fxcrt/fx_random.cpp | |
parent | 808b52ac76bb5d9ee3e6a8371ddab25f62c8ed51 (diff) | |
download | pdfium-e8b3e0cdcea319abf82639edb5e074ff94c4d66c.tar.xz |
Fix one-second spin in fx_random.cpp
Take seed generation logic from base's address_space_randomization.cc.
One small tweak is to avoid the bottom three bits of a stack address and
invert, to make leaking ASLR more difficult along the lines of the
freelist masking in base's partition allocator. Another tweak is to
mix in some more time-based information. Another tweak is to add in
the times called so that rapid successive calls return different results.
Bug: pdfium:891
Change-Id: I14238da15cee9c8d4ca72d79e4f7fbb26997c619
Reviewed-on: https://pdfium-review.googlesource.com/13490
Reviewed-by: Henrique Nakashima <hnakashima@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Diffstat (limited to 'core/fxcrt/fx_random.cpp')
-rw-r--r-- | core/fxcrt/fx_random.cpp | 101 |
1 files changed, 46 insertions, 55 deletions
diff --git a/core/fxcrt/fx_random.cpp b/core/fxcrt/fx_random.cpp index 866a7a97ef..483a56bbf4 100644 --- a/core/fxcrt/fx_random.cpp +++ b/core/fxcrt/fx_random.cpp @@ -19,86 +19,85 @@ #if _FXM_PLATFORM_ == _FXM_PLATFORM_WINDOWS_ #include <wincrypt.h> #else // _FXM_PLATFORM_ == _FXM_PLATFORM_WINDOWS_ -#include <ctime> +#include <sys/time.h> +#include <unistd.h> #endif // _FXM_PLATFORM_ == _FXM_PLATFORM_WINDOWS_ namespace { struct MTContext { - MTContext() { - mti = MT_N + 1; - bHaveSeed = false; - } - uint32_t mti; - bool bHaveSeed; uint32_t mt[MT_N]; }; +bool g_bHaveGlobalSeed = false; +uint32_t g_nGlobalSeed = 0; + #if _FXM_PLATFORM_ == _FXM_PLATFORM_WINDOWS_ -bool GenerateCryptoRandom(uint32_t* pBuffer, int32_t iCount) { +bool GenerateSeedFromCryptoRandom(uint32_t* pSeed) { HCRYPTPROV hCP = 0; if (!::CryptAcquireContext(&hCP, nullptr, nullptr, PROV_RSA_FULL, 0) || !hCP) { return false; } - ::CryptGenRandom(hCP, iCount * sizeof(uint32_t), - reinterpret_cast<uint8_t*>(pBuffer)); + ::CryptGenRandom(hCP, sizeof(uint32_t), reinterpret_cast<uint8_t*>(pSeed)); ::CryptReleaseContext(hCP, 0); return true; } #endif -void Random_GenerateBase(uint32_t* pBuffer, int32_t iCount) { +uint32_t GenerateSeedFromEnvironment() { + char c; + uintptr_t p = reinterpret_cast<uintptr_t>(&c); + uint32_t seed = ~static_cast<uint32_t>(p >> 3); #if _FXM_PLATFORM_ == _FXM_PLATFORM_WINDOWS_ - SYSTEMTIME st1, st2; - ::GetSystemTime(&st1); - do { - ::GetSystemTime(&st2); - } while (memcmp(&st1, &st2, sizeof(SYSTEMTIME)) == 0); - uint32_t dwHash1 = - FX_HashCode_GetA(CFX_ByteStringC((uint8_t*)&st1, sizeof(st1)), true); - uint32_t dwHash2 = - FX_HashCode_GetA(CFX_ByteStringC((uint8_t*)&st2, sizeof(st2)), true); - ::srand((dwHash1 << 16) | (uint32_t)dwHash2); -#else - time_t tmLast = time(nullptr); - time_t tmCur; - while ((tmCur = time(nullptr)) == tmLast) - continue; - - ::srand((tmCur << 16) | (tmLast & 0xFFFF)); -#endif - while (iCount-- > 0) - *pBuffer++ = static_cast<uint32_t>((::rand() << 16) | (::rand() & 0xFFFF)); + SYSTEMTIME st; + GetSystemTime(&st); + seed ^= static_cast<uint32_t>(st.wSecond) * 1000000; + seed ^= static_cast<uint32_t>(st.wMilliseconds) * 1000; + seed ^= GetCurrentProcessId(); +#else // _FXM_PLATFORM_ == _FXM_PLATFORM_WINDOWS_ + struct timeval tv; + gettimeofday(&tv, 0); + seed ^= static_cast<uint32_t>(tv.tv_sec) * 1000000; + seed ^= static_cast<uint32_t>(tv.tv_usec); + seed ^= static_cast<uint32_t>(getpid()); +#endif // _FXM_PLATFORM_ == _FXM_PLATFORM_WINDOWS_ + return seed; +} + +void* ContextFromNextGlobalSeed() { + if (!g_bHaveGlobalSeed) { +#if _FXM_PLATFORM_ == _FXM_PLATFORM_WINDOWS_ + if (!GenerateSeedFromCryptoRandom(&g_nGlobalSeed)) + g_nGlobalSeed = GenerateSeedFromEnvironment(); +#else // _FXM_PLATFORM_ == _FXM_PLATFORM_WINDOWS_ + g_nGlobalSeed = GenerateSeedFromEnvironment(); +#endif // _FXM_PLATFORM_ == _FXM_PLATFORM_WINDOWS_ + g_bHaveGlobalSeed = true; + } + return FX_Random_MT_Start(++g_nGlobalSeed); } } // namespace void* FX_Random_MT_Start(uint32_t dwSeed) { MTContext* pContext = FX_Alloc(MTContext, 1); - pContext->mt[0] = dwSeed; - uint32_t& i = pContext->mti; uint32_t* pBuf = pContext->mt; - for (i = 1; i < MT_N; i++) + pBuf[0] = dwSeed; + for (uint32_t i = 1; i < MT_N; i++) pBuf[i] = (1812433253UL * (pBuf[i - 1] ^ (pBuf[i - 1] >> 30)) + i); - pContext->bHaveSeed = true; + pContext->mti = MT_N; return pContext; } uint32_t FX_Random_MT_Generate(void* pContext) { - ASSERT(pContext); - MTContext* pMTC = static_cast<MTContext*>(pContext); - uint32_t v; - static uint32_t mag[2] = {0, MT_Matrix_A}; - uint32_t& mti = pMTC->mti; uint32_t* pBuf = pMTC->mt; - if ((int)mti < 0 || mti >= MT_N) { - if (mti > MT_N && !pMTC->bHaveSeed) - return 0; - + uint32_t v; + if (pMTC->mti >= MT_N) { + static const uint32_t mag[2] = {0, MT_Matrix_A}; uint32_t kk; for (kk = 0; kk < MT_N - MT_M; kk++) { v = (pBuf[kk] & MT_Upper_Mask) | (pBuf[kk + 1] & MT_Lower_Mask); @@ -110,9 +109,9 @@ uint32_t FX_Random_MT_Generate(void* pContext) { } v = (pBuf[MT_N - 1] & MT_Upper_Mask) | (pBuf[0] & MT_Lower_Mask); pBuf[MT_N - 1] = pBuf[MT_M - 1] ^ (v >> 1) ^ mag[v & 1]; - mti = 0; + pMTC->mti = 0; } - v = pBuf[mti++]; + v = pBuf[pMTC->mti++]; v ^= (v >> 11); v ^= (v << 7) & 0x9d2c5680UL; v ^= (v << 15) & 0xefc60000UL; @@ -121,19 +120,11 @@ uint32_t FX_Random_MT_Generate(void* pContext) { } void FX_Random_MT_Close(void* pContext) { - ASSERT(pContext); FX_Free(pContext); } void FX_Random_GenerateMT(uint32_t* pBuffer, int32_t iCount) { - uint32_t dwSeed; -#if _FXM_PLATFORM_ == _FXM_PLATFORM_WINDOWS_ - if (!GenerateCryptoRandom(&dwSeed, 1)) - Random_GenerateBase(&dwSeed, 1); -#else - Random_GenerateBase(&dwSeed, 1); -#endif - void* pContext = FX_Random_MT_Start(dwSeed); + void* pContext = ContextFromNextGlobalSeed(); while (iCount-- > 0) *pBuffer++ = FX_Random_MT_Generate(pContext); |