oss-security - Re: expat hash collision fix too predictable?

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]

Message-ID: <5751DAF8.6060901@pipping.org>
Date: Fri, 3 Jun 2016 21:31:04 +0200
From: Sebastian Pipping <sebastian@...ping.org>
To: oss-security@...ts.openwall.com
Subject: Re: expat hash collision fix too predictable?

Hi!

On 05.04.2012 11:30, Marcus Meissner wrote:
> Hi,
> 
> while reviewing a expat regression (likely caused by the hash collision denial of service fix, but unclear)
> i stumbled about the randomness it uses.
> 
> 	static unsigned long
> 	generate_hash_secret_salt(void)
> 	{
> 	  unsigned int seed = time(NULL) % UINT_MAX;
> 	  srand(seed);
> 	  return rand();
> 	}
> 
> and it is seeded once at parser object creation.
> 
> This is better than not seeding, but I am not sure if it is sufficient.
> 
> Ciao, Marcus
> 

Please excuse bumping this thread.  It think it may need another CVE:

The call to srand(3) can reduce the security of the calling application,
depending on what it is doing with srand(3)/random(3).  This behavior is
recognized as a bug by Fedora, too
(https://bugzilla.redhat.com/show_bug.cgi?id=1197087).

There are multiple related commits in Expat's Git repository.  I am
happy to extract a single to-the-point patch for your version of Expat
and operating system platform from that for you, if needed.

Best

Sebastian

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.