Add a patch to obtain random bytes from /dev/urandom
Signed-off-by: Björn Esser <besser82@fedoraproject.org>
This commit is contained in:
Björn Esser
parent
1b6e097b0e
commit
bace2f8c6b
114
shadow-4.8.1-salt_c_use_dev_urandom.patch
Normal file
114
shadow-4.8.1-salt_c_use_dev_urandom.patch
Normal file
@ -0,0 +1,114 @@
|
||||
From bc8257cf73328e450511b13cbd35e1994feccb30 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Bj=C3=B6rn=20Esser?= <besser82@fedoraproject.org>
|
||||
Date: Wed, 23 Jun 2021 16:06:47 +0200
|
||||
Subject: [PATCH] libmisc/salt.c: Obtain random bytes from /dev/urandom.
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
Using the random() function to obtain pseudo-random bytes
|
||||
for generating salt strings is considered to be dangerous.
|
||||
See CWE-327.
|
||||
|
||||
We really should use a more reliable source for obtaining
|
||||
pseudo-random bytes like /dev/urandom.
|
||||
|
||||
Fixes #376.
|
||||
|
||||
Signed-off-by: Björn Esser <besser82@fedoraproject.org>
|
||||
---
|
||||
libmisc/salt.c | 45 ++++++++++++++++++++++++---------------------
|
||||
1 file changed, 24 insertions(+), 21 deletions(-)
|
||||
|
||||
diff --git a/libmisc/salt.c b/libmisc/salt.c
|
||||
index e17093fc..af9f011f 100644
|
||||
--- a/libmisc/salt.c
|
||||
+++ b/libmisc/salt.c
|
||||
@@ -11,11 +11,10 @@
|
||||
|
||||
#ident "$Id$"
|
||||
|
||||
-#include <sys/time.h>
|
||||
-#include <string.h>
|
||||
-#include <stdlib.h>
|
||||
-#include <stdio.h>
|
||||
#include <assert.h>
|
||||
+#include <stdio.h>
|
||||
+#include <stdlib.h>
|
||||
+#include <string.h>
|
||||
#include "prototypes.h"
|
||||
#include "defines.h"
|
||||
#include "getdef.h"
|
||||
@@ -74,7 +73,7 @@
|
||||
#define GENSALT_SETTING_SIZE 100
|
||||
|
||||
/* local function prototypes */
|
||||
-static void seedRNG (void);
|
||||
+static long read_random_bytes (void);
|
||||
static /*@observer@*/const char *gensalt (size_t salt_size);
|
||||
#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT)
|
||||
static long shadow_random (long min, long max);
|
||||
@@ -125,23 +124,27 @@ static /*@observer@*/char *l64a (long value)
|
||||
}
|
||||
#endif /* !HAVE_L64A */
|
||||
|
||||
-static void seedRNG (void)
|
||||
+/* Read sizeof (long) random bytes from /dev/urandom. */
|
||||
+static long read_random_bytes (void)
|
||||
{
|
||||
- struct timeval tv;
|
||||
- static int seeded = 0;
|
||||
+ long randval = 0;
|
||||
+ FILE *f = fopen ("/dev/urandom", "r");
|
||||
|
||||
- if (0 == seeded) {
|
||||
- (void) gettimeofday (&tv, NULL);
|
||||
- srandom (tv.tv_sec ^ tv.tv_usec ^ getpid ());
|
||||
- seeded = 1;
|
||||
+ if (fread (&randval, sizeof (randval), 1, f) != sizeof (randval))
|
||||
+ {
|
||||
+ fprintf (shadow_logfd,
|
||||
+ _("Unable to read from /dev/urandom.\n"));
|
||||
+
|
||||
+ fclose(f);
|
||||
+ exit (1);
|
||||
}
|
||||
+
|
||||
+ fclose(f);
|
||||
+
|
||||
+ return randval;
|
||||
}
|
||||
|
||||
#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT)
|
||||
-/* It is not clear what is the maximum value of random().
|
||||
- * We assume 2^31-1.*/
|
||||
-#define RANDOM_MAX 0x7FFFFFFF
|
||||
-
|
||||
/*
|
||||
* Return a random number between min and max (both included).
|
||||
*
|
||||
@@ -151,8 +154,9 @@ static long shadow_random (long min, long max)
|
||||
{
|
||||
double drand;
|
||||
long ret;
|
||||
- seedRNG ();
|
||||
- drand = (double) (max - min + 1) * random () / RANDOM_MAX;
|
||||
+
|
||||
+ drand = (double) (read_random_bytes () & RAND_MAX) / (double) RAND_MAX;
|
||||
+ drand *= (double) (max - min + 1);
|
||||
/* On systems were this is not random() range is lower, we favor
|
||||
* higher numbers of salt. */
|
||||
ret = (long) (max + 1 - drand);
|
||||
@@ -354,10 +358,9 @@ static /*@observer@*/const char *gensalt (size_t salt_size)
|
||||
|
||||
assert (salt_size >= MIN_SALT_SIZE &&
|
||||
salt_size <= MAX_SALT_SIZE);
|
||||
- seedRNG ();
|
||||
- strcat (salt, l64a (random()));
|
||||
+ strcat (salt, l64a (read_random_bytes ()));
|
||||
do {
|
||||
- strcat (salt, l64a (random()));
|
||||
+ strcat (salt, l64a (read_random_bytes ()));
|
||||
} while (strlen (salt) < salt_size);
|
||||
|
||||
salt[salt_size] = '\0';
|
||||
@ -112,6 +112,8 @@ Patch61: shadow-4.8.1-fix_bcrypt_prefix.patch
|
||||
Patch62: shadow-4.8.1-salt_c_sanitize_code.patch
|
||||
# https://github.com/shadow-maint/shadow/commit/dbf230e4cf823dd6b6a3bad6d29dfad4f0ffa8fc
|
||||
Patch63: shadow-4.8.1-salt_c_comments.patch
|
||||
# https://github.com/shadow-maint/shadow/commit/bc8257cf73328e450511b13cbd35e1994feccb30
|
||||
Patch64: shadow-4.8.1-salt_c_use_dev_urandom.patch
|
||||
|
||||
License: BSD and GPLv2+
|
||||
BuildRequires: make
|
||||
@ -200,6 +202,7 @@ Development files for shadow-utils-subid.
|
||||
%patch61 -p1 -b .bcrypt_prefix
|
||||
%patch62 -p1 -b .sanitize_code
|
||||
%patch63 -p1 -b .comments
|
||||
%patch64 -p1 -b .use_dev_urandom
|
||||
|
||||
iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8
|
||||
cp -f doc/HOWTO.utf8 doc/HOWTO
|
||||
@ -373,6 +376,7 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/libsubid.la
|
||||
- Add a patch to fix the used prefix for the bcrypt hash method
|
||||
- Add a patch to cleanup the code in libmisc/salt.c
|
||||
- Add a patch adding some clarifying comments in libmisc/salt.c
|
||||
- Add a patch to obtain random bytes from /dev/urandom
|
||||
|
||||
* Mon Jun 28 2021 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.8.1-13
|
||||
- Covscan fixes
|
||||
|
||||
Loading…
Reference in New Issue
Block a user