commit 38dedefe66680a4ff865ef5a33e1725e53fb3abb
author android-build-team Robot <android-build-team-robot@google.com> Tue Oct 02 22:07:44 2018 +0000
committer android-build-team Robot <android-build-team-robot@google.com> Tue Oct 02 22:07:44 2018 +0000
tree 1fc465374879a38ef7b2a0d8e7af92f70dabf810
parent 98cf6e66aabb931334f01118c87799f81d04a032
parent 41f76a6311dada02120693206cb8e2e411f7ce29

Snap for 5044688 from 41f76a6311dada02120693206cb8e2e411f7ce29 to pi-qpr2-release

Change-Id: I3103d9aaa0a94e1a07d05e3878f3cb6f0cca4ca7

Modules/expat/xmlparse.c

diff --git a/Modules/expat/xmlparse.c b/Modules/expat/xmlparse.c
index 4128387..3f0939e 100644
--- a/Modules/expat/xmlparse.c
+++ b/Modules/expat/xmlparse.c
@@ -2,6 +2,20 @@
    See the file COPYING for copying permission.
 */
 
+#include <stddef.h>
+#include <stdint.h>
+#include <string.h>                     /* memset(), memcpy() */
+#include <assert.h>
+#include <limits.h>                     /* UINT_MAX */
+
+#ifdef COMPILED_FROM_DSP
+#define getpid GetCurrentProcessId
+#else
+#include <sys/time.h>                   /* gettimeofday() */
+#include <sys/types.h>                  /* getpid() */
+#include <unistd.h>                     /* getpid() */
+#endif
+
 #define XML_BUILDING_EXPAT 1
 
 #ifdef COMPILED_FROM_DSP
@@ -16,12 +30,6 @@
 #include <expat_config.h>
 #endif /* ndef COMPILED_FROM_DSP */
 
-#include <stddef.h>
-#include <string.h>                     /* memset(), memcpy() */
-#include <assert.h>
-#include <limits.h>                     /* UINT_MAX */
-#include <time.h>                       /* time() */
-
 #include "ascii.h"
 #include "expat.h"
 
@@ -432,7 +440,7 @@
 getElementType(XML_Parser parser, const ENCODING *enc,
                const char *ptr, const char *end);
 
-static unsigned long generate_hash_secret_salt(void);
+static unsigned long generate_hash_secret_salt(XML_Parser parser);
 static XML_Bool startParsing(XML_Parser parser);
 
 static XML_Parser
@@ -691,11 +699,38 @@
 };
 
 static unsigned long
-generate_hash_secret_salt(void)
+gather_time_entropy(void)
 {
-  unsigned int seed = time(NULL) % UINT_MAX;
-  srand(seed);
-  return rand();
+#ifdef COMPILED_FROM_DSP
+  FILETIME ft;
+  GetSystemTimeAsFileTime(&ft); /* never fails */
+  return ft.dwHighDateTime ^ ft.dwLowDateTime;
+#else
+  struct timeval tv;
+  int gettimeofday_res;
+
+  gettimeofday_res = gettimeofday(&tv, NULL);
+  assert (gettimeofday_res == 0);
+
+  /* Microseconds time is <20 bits entropy */
+  return tv.tv_usec;
+#endif
+}
+
+static unsigned long
+generate_hash_secret_salt(XML_Parser parser)
+{
+  /* Process ID is 0 bits entropy if attacker has local access
+   * XML_Parser address is few bits of entropy if attacker has local access */
+  const unsigned long entropy =
+      gather_time_entropy() ^ getpid() ^ (uintptr_t)parser;
+
+  /* Factors are 2^31-1 and 2^61-1 (Mersenne primes M31 and M61) */
+  if (sizeof(unsigned long) == 4) {
+    return entropy * 2147483647;
+  } else {
+    return entropy * 2305843009213693951;
+  }
 }
 
 static XML_Bool  /* only valid for root parser */
@@ -703,7 +738,7 @@
 {
     /* hash functions must be initialized before setContext() is called */
     if (hash_secret_salt == 0)
-      hash_secret_salt = generate_hash_secret_salt();
+      hash_secret_salt = generate_hash_secret_salt(parser);
     if (ns) {
       /* implicit context only set for root parser, since child
          parsers (i.e. external entity parsers) will inherit it