metalefty/glibc
1
0
Fork 0
forked from rpms/glibc
Code Pull Requests Activity

Auto sync2gitlab import of glibc-2.28-204.el8.src.rpm

Browse Source
This commit is contained in:
CentOS Sources 2022-06-08 10:11:18 +00:00
parent 2ab608c566
commit d3b60c3414
7 changed files with 734 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
glibc-rh2089247-1.patch Normal file
View File

@ -0,0 +1,47 @@
commit e1df30fbc2e2167a982c0e77a7ebee28f4dd0800
Author: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Date: Thu Jul 25 11:22:17 2019 -0300
Get new entropy on each attempt __gen_tempname (BZ #15813)
This is missing bit for fully fix BZ#15813 (the other two were fixed
by 359653aaacad463).
Checked on x86_64-linux-gnu.
[BZ #15813]
sysdeps/posix/tempname.c (__gen_tempname): get entrypy on each
attempt.
diff --git a/sysdeps/posix/tempname.c b/sysdeps/posix/tempname.c
index 3d26f378021680ae..61d7a9f36d37abae 100644
--- a/sysdeps/posix/tempname.c
+++ b/sysdeps/posix/tempname.c
@@ -186,7 +186,6 @@ __gen_tempname (char *tmpl, int suffixlen, int flags, int kind)
{
int len;
char *XXXXXX;
- uint64_t value;
unsigned int count;
int fd = -1;
int save_errno = errno;
@@ -218,13 +217,13 @@ __gen_tempname (char *tmpl, int suffixlen, int flags, int kind)
/* This is where the Xs start. */
XXXXXX = &tmpl[len - 6 - suffixlen];
- /* Get some more or less random data. */
- RANDOM_BITS (value);
- value ^= (uint64_t)__getpid () << 32;
-
- for (count = 0; count < attempts; value += 7777, ++count)
+ uint64_t pid = (uint64_t) __getpid () << 32;
+ for (count = 0; count < attempts; ++count)
{
- uint64_t v = value;
+ uint64_t v;
+ /* Get some more or less random data. */
+ RANDOM_BITS (v);
+ v ^= pid;
/* Fill in the random bits. */
XXXXXX[0] = letters[v % 62];

87
glibc-rh2089247-2.patch Normal file
View File

@ -0,0 +1,87 @@
commit 8eaf34eda256ba3647ed6e7ed5c7c9aa19955d17
Author: Samuel Thibault <samuel.thibault@ens-lyon.org>
Date: Fri Dec 13 10:10:59 2019 +0100
hurd: Fix local PLT
* include/sys/random.h (__getrandom): Add hidden prototype.
* stdlib/getrandom.c (getrandom): Rename to hidden definition __getrandom.
Add weak alias.
* sysdeps/mach/hurd/getrandom.c (getrandom): Likewise.
* sysdeps/unix/sysv/linux/getrandom.c (getrandom): Likewise.
* sysdeps/mach/hurd/getentropy.c (getentropy): Use __getrandom instead of
getrandom.
Conflicts:
include/sys/random.h
(Missing backport of include/ consistency patch,
commit ebd32784ce2029d0461a90a79bc4e37f8d051765 upstream.)
sysdeps/mach/hurd/getentropy.c
(Hurd change has been dropped.)
sysdeps/unix/sysv/linux/dl-write.c
(Mismerge of sysdeps/mach/hurd/getrandom.c.)
diff --git a/include/sys/random.h b/include/sys/random.h
new file mode 100644
index 0000000000000000..6aa313d35dbdce8a
--- /dev/null
+++ b/include/sys/random.h
@@ -0,0 +1,11 @@
+#ifndef _SYS_RANDOM_H
+#include <stdlib/sys/random.h>
+
+# ifndef _ISOMAC
+
+extern ssize_t __getrandom (void *__buffer, size_t __length,
+ unsigned int __flags) __wur;
+libc_hidden_proto (__getrandom)
+
+# endif /* !_ISOMAC */
+#endif
diff --git a/stdlib/getrandom.c b/stdlib/getrandom.c
index 45234bea17c5c86c..f8056688e40a0215 100644
--- a/stdlib/getrandom.c
+++ b/stdlib/getrandom.c
@@ -22,10 +22,12 @@
/* Write up to LENGTH bytes of randomness starting at BUFFER.
Return the number of bytes written, or -1 on error. */
ssize_t
-getrandom (void *buffer, size_t length, unsigned int flags)
+__getrandom (void *buffer, size_t length, unsigned int flags)
{
__set_errno (ENOSYS);
return -1;
}
-
stub_warning (getrandom)
+
+libc_hidden_def (__getrandom)
+weak_alias (__getrandom, getrandom)
diff --git a/sysdeps/unix/sysv/linux/getrandom.c b/sysdeps/unix/sysv/linux/getrandom.c
index 435b037399665654..e34d7fdcd89d9b06 100644
--- a/sysdeps/unix/sysv/linux/getrandom.c
+++ b/sysdeps/unix/sysv/linux/getrandom.c
@@ -25,7 +25,7 @@
/* Write up to LENGTH bytes of randomness starting at BUFFER.
Return the number of bytes written, or -1 on error. */
ssize_t
-getrandom (void *buffer, size_t length, unsigned int flags)
+__getrandom (void *buffer, size_t length, unsigned int flags)
{
return SYSCALL_CANCEL (getrandom, buffer, length, flags);
}
@@ -33,7 +33,7 @@ getrandom (void *buffer, size_t length, unsigned int flags)
/* Always provide a definition, even if the kernel headers lack the
system call number. */
ssize_t
-getrandom (void *buffer, size_t length, unsigned int flags)
+__getrandom (void *buffer, size_t length, unsigned int flags)
{
/* Ideally, we would add a cancellation point here, but we currently
cannot do so inside libc. */
@@ -41,3 +41,5 @@ getrandom (void *buffer, size_t length, unsigned int flags)
return -1;
}
#endif
+libc_hidden_def (__getrandom)
+weak_alias (__getrandom, getrandom)

67
glibc-rh2089247-3.patch Normal file
View File

@ -0,0 +1,67 @@
Partial backport of:
commit 04986243d1af37ac0177ed2f9db0a066ebd2b212
Author: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Date: Wed Jul 15 19:35:58 2020 +0000
Remove internal usage of extensible stat functions
It replaces the internal usage of __{f,l}xstat{at}{64} with the
__{f,l}stat{at}{64}. It should not change the generate code since
sys/stat.h explicit defines redirections to internal calls back to
xstat* symbols.
Checked with a build for all affected ABIs. I also check on
x86_64-linux-gnu and i686-linux-gnu.
Reviewed-by: Lukasz Majewski <lukma@denx.de>
Only the changes to include/sys/stat.h and sysdeps/posix/tempname.c
are included here.
diff --git a/include/sys/stat.h b/include/sys/stat.h
index b82d4527801d4797..c5b1938b87c9c5c3 100644
--- a/include/sys/stat.h
+++ b/include/sys/stat.h
@@ -52,6 +52,7 @@ extern __typeof (__fxstatat64) __fxstatat64 attribute_hidden;
#define lstat64(fname, buf) __lxstat64 (_STAT_VER, fname, buf)
#define __lstat64(fname, buf) __lxstat64 (_STAT_VER, fname, buf)
#define stat64(fname, buf) __xstat64 (_STAT_VER, fname, buf)
+#define __stat64(fname, buf) __xstat64 (_STAT_VER, fname, buf)
#define fstat64(fd, buf) __fxstat64 (_STAT_VER, fd, buf)
#define __fstat64(fd, buf) __fxstat64 (_STAT_VER, fd, buf)
#define fstat(fd, buf) __fxstat (_STAT_VER, fd, buf)
diff --git a/sysdeps/posix/tempname.c b/sysdeps/posix/tempname.c
index 61d7a9f36d37abae..a7b404cf4410cb00 100644
--- a/sysdeps/posix/tempname.c
+++ b/sysdeps/posix/tempname.c
@@ -66,7 +66,6 @@
# define __gettimeofday gettimeofday
# define __mkdir mkdir
# define __open open
-# define __lxstat64(version, file, buf) lstat (file, buf)
# define __secure_getenv secure_getenv
#endif
@@ -97,7 +96,7 @@ static int
direxists (const char *dir)
{
struct_stat64 buf;
- return __xstat64 (_STAT_VER, dir, &buf) == 0 && S_ISDIR (buf.st_mode);
+ return __stat64 (dir, &buf) == 0 && S_ISDIR (buf.st_mode);
}
/* Path search algorithm, for tmpnam, tmpfile, etc. If DIR is
@@ -252,10 +251,10 @@ __gen_tempname (char *tmpl, int suffixlen, int flags, int kind)
case __GT_NOCREATE:
/* This case is backward from the other three. __gen_tempname
- succeeds if __xstat fails because the name does not exist.
+ succeeds if lstat fails because the name does not exist.
Note the continue to bypass the common logic at the bottom
of the loop. */
- if (__lxstat64 (_STAT_VER, tmpl, &st) < 0)
+ if (__lstat64 (tmpl, &st) < 0)
{
if (errno == ENOENT)
{

440
glibc-rh2089247-4.patch Normal file
View File

@ -0,0 +1,440 @@
commit 4dddd7e9cbecad4aa03ee5a9b9edb596e3d4e909
Author: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Date: Tue Sep 29 08:56:07 2020 -0300
posix: Sync tempname with gnulib [BZ #26648]
It syncs with gnulib commit b1268f22f443e8e4b9e. The try_tempname_len
now uses getrandom on each iteration to get entropy and only uses the
clock plus ASLR as source of entropy if getrandom fails.
Checked on x86_64-linux-gnu and i686-linux-gnu.
Conflicts:
sysdeps/posix/tempname.c
(Missing tree-wide __gettimeofday to clock_gettime change,
commit 4a39c34c4f85de57fb4e648cfa1e774437d69680 upstream.
File was rebased to the upstream version.)
diff --git a/sysdeps/posix/tempname.c b/sysdeps/posix/tempname.c
index a7b404cf4410cb00..f199b25a7a227751 100644
--- a/sysdeps/posix/tempname.c
+++ b/sysdeps/posix/tempname.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 1991-2018 Free Software Foundation, Inc.
+/* Copyright (C) 1991-2021 Free Software Foundation, Inc.
This file is part of the GNU C Library.
The GNU C Library is free software; you can redistribute it and/or
@@ -13,10 +13,10 @@
You should have received a copy of the GNU Lesser General Public
License along with the GNU C Library; if not, see
- <http://www.gnu.org/licenses/>. */
+ <https://www.gnu.org/licenses/>. */
#if !_LIBC
-# include <config.h>
+# include <libc-config.h>
# include "tempname.h"
#endif
@@ -24,9 +24,6 @@
#include <assert.h>
#include <errno.h>
-#ifndef __set_errno
-# define __set_errno(Val) errno = (Val)
-#endif
#include <stdio.h>
#ifndef P_tmpdir
@@ -36,12 +33,12 @@
# define TMP_MAX 238328
#endif
#ifndef __GT_FILE
-# define __GT_FILE 0
-# define __GT_DIR 1
-# define __GT_NOCREATE 2
+# define __GT_FILE 0
+# define __GT_DIR 1
+# define __GT_NOCREATE 2
#endif
-#if !_LIBC && (GT_FILE != __GT_FILE || GT_DIR != __GT_DIR \
- || GT_NOCREATE != __GT_NOCREATE)
+#if !_LIBC && (GT_FILE != __GT_FILE || GT_DIR != __GT_DIR \
+ || GT_NOCREATE != __GT_NOCREATE)
# error report this to bug-gnulib@gnu.org
#endif
@@ -50,11 +47,11 @@
#include <string.h>
#include <fcntl.h>
-#include <sys/time.h>
+#include <stdalign.h>
#include <stdint.h>
-#include <unistd.h>
-
+#include <sys/random.h>
#include <sys/stat.h>
+#include <time.h>
#if _LIBC
# define struct_stat64 struct stat64
@@ -62,33 +59,38 @@
#else
# define struct_stat64 struct stat
# define __gen_tempname gen_tempname
-# define __getpid getpid
-# define __gettimeofday gettimeofday
# define __mkdir mkdir
# define __open open
-# define __secure_getenv secure_getenv
+# define __lstat64(file, buf) lstat (file, buf)
+# define __stat64(file, buf) stat (file, buf)
+# define __getrandom getrandom
+# define __clock_gettime64 clock_gettime
+# define __timespec64 timespec
#endif
-#ifdef _LIBC
-# include <random-bits.h>
-# define RANDOM_BITS(Var) ((Var) = random_bits ())
-# else
-# define RANDOM_BITS(Var) \
- { \
- struct timeval tv; \
- __gettimeofday (&tv, NULL); \
- (Var) = ((uint64_t) tv.tv_usec << 16) ^ tv.tv_sec; \
- }
-#endif
+/* Use getrandom if it works, falling back on a 64-bit linear
+ congruential generator that starts with Var's value
+ mixed in with a clock's low-order bits if available. */
+typedef uint_fast64_t random_value;
+#define RANDOM_VALUE_MAX UINT_FAST64_MAX
+#define BASE_62_DIGITS 10 /* 62**10 < UINT_FAST64_MAX */
+#define BASE_62_POWER (62LL * 62 * 62 * 62 * 62 * 62 * 62 * 62 * 62 * 62)
-/* Use the widest available unsigned type if uint64_t is not
- available. The algorithm below extracts a number less than 62**6
- (approximately 2**35.725) from uint64_t, so ancient hosts where
- uintmax_t is only 32 bits lose about 3.725 bits of randomness,
- which is better than not having mkstemp at all. */
-#if !defined UINT64_MAX && !defined uint64_t
-# define uint64_t uintmax_t
+static random_value
+random_bits (random_value var)
+{
+ random_value r;
+ /* Without GRND_NONBLOCK it can be blocked for minutes on some systems. */
+ if (__getrandom (&r, sizeof r, GRND_NONBLOCK) == sizeof r)
+ return r;
+#if _LIBC || (defined CLOCK_MONOTONIC && HAVE_CLOCK_GETTIME)
+ /* Add entropy if getrandom did not work. */
+ struct __timespec64 tv;
+ __clock_gettime64 (CLOCK_MONOTONIC, &tv);
+ var ^= tv.tv_nsec;
#endif
+ return 2862933555777941757 * var + 3037000493;
+}
#if _LIBC
/* Return nonzero if DIR is an existent directory. */
@@ -107,7 +109,7 @@ direxists (const char *dir)
enough space in TMPL. */
int
__path_search (char *tmpl, size_t tmpl_len, const char *dir, const char *pfx,
- int try_tmpdir)
+ int try_tmpdir)
{
const char *d;
size_t dlen, plen;
@@ -121,35 +123,35 @@ __path_search (char *tmpl, size_t tmpl_len, const char *dir, const char *pfx,
{
plen = strlen (pfx);
if (plen > 5)
- plen = 5;
+ plen = 5;
}
if (try_tmpdir)
{
d = __secure_getenv ("TMPDIR");
if (d != NULL && direxists (d))
- dir = d;
+ dir = d;
else if (dir != NULL && direxists (dir))
- /* nothing */ ;
+ /* nothing */ ;
else
- dir = NULL;
+ dir = NULL;
}
if (dir == NULL)
{
if (direxists (P_tmpdir))
- dir = P_tmpdir;
+ dir = P_tmpdir;
else if (strcmp (P_tmpdir, "/tmp") != 0 && direxists ("/tmp"))
- dir = "/tmp";
+ dir = "/tmp";
else
- {
- __set_errno (ENOENT);
- return -1;
- }
+ {
+ __set_errno (ENOENT);
+ return -1;
+ }
}
dlen = strlen (dir);
while (dlen > 1 && dir[dlen - 1] == '/')
- dlen--; /* remove trailing slashes */
+ dlen--; /* remove trailing slashes */
/* check we have room for "${dir}/${pfx}XXXXXX\0" */
if (tmpl_len < dlen + 1 + plen + 6 + 1)
@@ -163,39 +165,91 @@ __path_search (char *tmpl, size_t tmpl_len, const char *dir, const char *pfx,
}
#endif /* _LIBC */
+#if _LIBC
+static int try_tempname_len (char *, int, void *, int (*) (char *, void *),
+ size_t);
+#endif
+
+static int
+try_file (char *tmpl, void *flags)
+{
+ int *openflags = flags;
+ return __open (tmpl,
+ (*openflags & ~O_ACCMODE)
+ | O_RDWR | O_CREAT | O_EXCL, S_IRUSR | S_IWUSR);
+}
+
+static int
+try_dir (char *tmpl, void *flags _GL_UNUSED)
+{
+ return __mkdir (tmpl, S_IRUSR | S_IWUSR | S_IXUSR);
+}
+
+static int
+try_nocreate (char *tmpl, void *flags _GL_UNUSED)
+{
+ struct_stat64 st;
+
+ if (__lstat64 (tmpl, &st) == 0 || errno == EOVERFLOW)
+ __set_errno (EEXIST);
+ return errno == ENOENT ? 0 : -1;
+}
+
/* These are the characters used in temporary file names. */
static const char letters[] =
"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
/* Generate a temporary file name based on TMPL. TMPL must match the
- rules for mk[s]temp (i.e. end in "XXXXXX", possibly with a suffix).
+ rules for mk[s]temp (i.e., end in at least X_SUFFIX_LEN "X"s,
+ possibly with a suffix).
The name constructed does not exist at the time of the call to
- __gen_tempname. TMPL is overwritten with the result.
+ this function. TMPL is overwritten with the result.
KIND may be one of:
- __GT_NOCREATE: simply verify that the name does not exist
- at the time of the call.
- __GT_FILE: create the file using open(O_CREAT|O_EXCL)
- and return a read-write fd. The file is mode 0600.
- __GT_DIR: create a directory, which will be mode 0700.
+ __GT_NOCREATE: simply verify that the name does not exist
+ at the time of the call.
+ __GT_FILE: create the file using open(O_CREAT|O_EXCL)
+ and return a read-write fd. The file is mode 0600.
+ __GT_DIR: create a directory, which will be mode 0700.
We use a clever algorithm to get hard-to-predict names. */
+#ifdef _LIBC
+static
+#endif
int
-__gen_tempname (char *tmpl, int suffixlen, int flags, int kind)
+gen_tempname_len (char *tmpl, int suffixlen, int flags, int kind,
+ size_t x_suffix_len)
{
- int len;
+ static int (*const tryfunc[]) (char *, void *) =
+ {
+ [__GT_FILE] = try_file,
+ [__GT_DIR] = try_dir,
+ [__GT_NOCREATE] = try_nocreate
+ };
+ return try_tempname_len (tmpl, suffixlen, &flags, tryfunc[kind],
+ x_suffix_len);
+}
+
+#ifdef _LIBC
+static
+#endif
+int
+try_tempname_len (char *tmpl, int suffixlen, void *args,
+ int (*tryfunc) (char *, void *), size_t x_suffix_len)
+{
+ size_t len;
char *XXXXXX;
unsigned int count;
int fd = -1;
int save_errno = errno;
- struct_stat64 st;
/* A lower bound on the number of temporary files to attempt to
generate. The maximum total number of temporary file names that
can exist for a given template is 62**6. It should never be
necessary to try all of these combinations. Instead if a reasonable
number of names is tried (we define reasonable as 62**3) fail to
- give the system administrator the chance to remove the problems. */
+ give the system administrator the chance to remove the problems.
+ This value requires that X_SUFFIX_LEN be at least 3. */
#define ATTEMPTS_MIN (62 * 62 * 62)
/* The number of times to attempt to generate a temporary file. To
@@ -206,82 +260,75 @@ __gen_tempname (char *tmpl, int suffixlen, int flags, int kind)
unsigned int attempts = ATTEMPTS_MIN;
#endif
+ /* A random variable. The initial value is used only the for fallback path
+ on 'random_bits' on 'getrandom' failure. Its initial value tries to use
+ some entropy from the ASLR and ignore possible bits from the stack
+ alignment. */
+ random_value v = ((uintptr_t) &v) / alignof (max_align_t);
+
+ /* How many random base-62 digits can currently be extracted from V. */
+ int vdigits = 0;
+
+ /* Least unfair value for V. If V is less than this, V can generate
+ BASE_62_DIGITS digits fairly. Otherwise it might be biased. */
+ random_value const unfair_min
+ = RANDOM_VALUE_MAX - RANDOM_VALUE_MAX % BASE_62_POWER;
+
len = strlen (tmpl);
- if (len < 6 + suffixlen || memcmp (&tmpl[len - 6 - suffixlen], "XXXXXX", 6))
+ if (len < x_suffix_len + suffixlen
+ || strspn (&tmpl[len - x_suffix_len - suffixlen], "X") < x_suffix_len)
{
__set_errno (EINVAL);
return -1;
}
/* This is where the Xs start. */
- XXXXXX = &tmpl[len - 6 - suffixlen];
+ XXXXXX = &tmpl[len - x_suffix_len - suffixlen];
- uint64_t pid = (uint64_t) __getpid () << 32;
for (count = 0; count < attempts; ++count)
{
- uint64_t v;
- /* Get some more or less random data. */
- RANDOM_BITS (v);
- v ^= pid;
-
- /* Fill in the random bits. */
- XXXXXX[0] = letters[v % 62];
- v /= 62;
- XXXXXX[1] = letters[v % 62];
- v /= 62;
- XXXXXX[2] = letters[v % 62];
- v /= 62;
- XXXXXX[3] = letters[v % 62];
- v /= 62;
- XXXXXX[4] = letters[v % 62];
- v /= 62;
- XXXXXX[5] = letters[v % 62];
-
- switch (kind)
- {
- case __GT_FILE:
- fd = __open (tmpl,
- (flags & ~O_ACCMODE)
- | O_RDWR | O_CREAT | O_EXCL, S_IRUSR | S_IWUSR);
- break;
-
- case __GT_DIR:
- fd = __mkdir (tmpl, S_IRUSR | S_IWUSR | S_IXUSR);
- break;
-
- case __GT_NOCREATE:
- /* This case is backward from the other three. __gen_tempname
- succeeds if lstat fails because the name does not exist.
- Note the continue to bypass the common logic at the bottom
- of the loop. */
- if (__lstat64 (tmpl, &st) < 0)
- {
- if (errno == ENOENT)
- {
- __set_errno (save_errno);
- return 0;
- }
- else
- /* Give up now. */
- return -1;
- }
- continue;
-
- default:
- assert (! "invalid KIND in __gen_tempname");
- abort ();
- }
-
+ for (size_t i = 0; i < x_suffix_len; i++)
+ {
+ if (vdigits == 0)
+ {
+ do
+ v = random_bits (v);
+ while (unfair_min <= v);
+
+ vdigits = BASE_62_DIGITS;
+ }
+
+ XXXXXX[i] = letters[v % 62];
+ v /= 62;
+ vdigits--;
+ }
+
+ fd = tryfunc (tmpl, args);
if (fd >= 0)
- {
- __set_errno (save_errno);
- return fd;
- }
+ {
+ __set_errno (save_errno);
+ return fd;
+ }
else if (errno != EEXIST)
- return -1;
+ return -1;
}
/* We got out of the loop because we ran out of combinations to try. */
__set_errno (EEXIST);
return -1;
}
+
+int
+__gen_tempname (char *tmpl, int suffixlen, int flags, int kind)
+{
+ return gen_tempname_len (tmpl, suffixlen, flags, kind, 6);
+}
+
+#if !_LIBC
+int
+try_tempname (char *tmpl, int suffixlen, void *args,
+ int (*tryfunc) (char *, void *))
+{
+ return try_tempname_len (tmpl, suffixlen, args, tryfunc, 6);
+}
+#endif

17
glibc-rh2089247-5.patch Normal file
View File

@ -0,0 +1,17 @@
Downstream-only patch to use non-time64 identifiers in
sysdeps/posix/tempname.c. Upstream has switched to the time64
symbols.
diff --git a/sysdeps/posix/tempname.c b/sysdeps/posix/tempname.c
index f199b25a7a227751..fcab9b26364021e4 100644
--- a/sysdeps/posix/tempname.c
+++ b/sysdeps/posix/tempname.c
@@ -56,6 +56,8 @@
#if _LIBC
# define struct_stat64 struct stat64
# define __secure_getenv __libc_secure_getenv
+# define __clock_gettime64 __clock_gettime
+# define __timespec64 timespec
#else
# define struct_stat64 struct stat
# define __gen_tempname gen_tempname

66
glibc-rh2089247-6.patch Normal file
View File

@ -0,0 +1,66 @@
commit f430293d842031f2afc3013f156e1018065e480e
Author: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Date: Tue Jan 12 09:17:09 2021 -0300
posix: consume less entropy on tempname
The first getrandom is used only for __GT_NOCREATE, which is inherently
insecure and can use the entropy as a small improvement. On the
second and later attempts it might help against DoS attacks.
It sync with gnulib commit 854fbb81d91f7a0f2b463e7ace2499dee2f380f2.
Checked on x86_64-linux-gnu.
diff --git a/sysdeps/posix/tempname.c b/sysdeps/posix/tempname.c
index fcab9b26364021e4..3435c4bf75a01f42 100644
--- a/sysdeps/posix/tempname.c
+++ b/sysdeps/posix/tempname.c
@@ -22,6 +22,7 @@
#include <sys/types.h>
#include <assert.h>
+#include <stdbool.h>
#include <errno.h>
@@ -79,11 +80,11 @@ typedef uint_fast64_t random_value;
#define BASE_62_POWER (62LL * 62 * 62 * 62 * 62 * 62 * 62 * 62 * 62 * 62)
static random_value
-random_bits (random_value var)
+random_bits (random_value var, bool use_getrandom)
{
random_value r;
/* Without GRND_NONBLOCK it can be blocked for minutes on some systems. */
- if (__getrandom (&r, sizeof r, GRND_NONBLOCK) == sizeof r)
+ if (use_getrandom && __getrandom (&r, sizeof r, GRND_NONBLOCK) == sizeof r)
return r;
#if _LIBC || (defined CLOCK_MONOTONIC && HAVE_CLOCK_GETTIME)
/* Add entropy if getrandom did not work. */
@@ -271,6 +272,13 @@ try_tempname_len (char *tmpl, int suffixlen, void *args,
/* How many random base-62 digits can currently be extracted from V. */
int vdigits = 0;
+ /* Whether to consume entropy when acquiring random bits. On the
+ first try it's worth the entropy cost with __GT_NOCREATE, which
+ is inherently insecure and can use the entropy to make it a bit
+ less secure. On the (rare) second and later attempts it might
+ help against DoS attacks. */
+ bool use_getrandom = tryfunc == try_nocreate;
+
/* Least unfair value for V. If V is less than this, V can generate
BASE_62_DIGITS digits fairly. Otherwise it might be biased. */
random_value const unfair_min
@@ -294,7 +302,10 @@ try_tempname_len (char *tmpl, int suffixlen, void *args,
if (vdigits == 0)
{
do
- v = random_bits (v);
+ {
+ v = random_bits (v, use_getrandom);
+ use_getrandom = true;
+ }
while (unfair_min <= v);
vdigits = BASE_62_DIGITS;

11
glibc.spec
View File

@ -1,6 +1,6 @@
%define glibcsrcdir glibc-2.28
%define glibcversion 2.28
%define glibcrelease 203%{?dist}
%define glibcrelease 204%{?dist}
# Pre-release tarballs are pulled in from git using a command that is
# effectively:
#
@ -897,6 +897,12 @@ Patch702: glibc-rh1982608.patch
Patch703: glibc-rh1961109.patch
Patch704: glibc-rh2086853.patch
Patch705: glibc-rh2077835.patch
Patch706: glibc-rh2089247-1.patch
Patch707: glibc-rh2089247-2.patch
Patch708: glibc-rh2089247-3.patch
Patch709: glibc-rh2089247-4.patch
Patch710: glibc-rh2089247-5.patch
Patch711: glibc-rh2089247-6.patch
##############################################################################
# Continued list of core "glibc" package information:
@ -2727,6 +2733,9 @@ fi
%files -f compat-libpthread-nonshared.filelist -n compat-libpthread-nonshared
%changelog
* Mon May 23 2022 Florian Weimer <fweimer@redhat.com> - 2.28-204
- Increase tempnam randomness (#2089247)
* Tue May 17 2022 Patsy Griffin <patsy@redhat.com> - 2.28-203
- 390x: Add support for IBM z16. (#2077835)