diff options
author | Adhemerval Zanella <adhemerval.zanella@linaro.org> | 2021-01-12 09:17:09 -0300 |
---|---|---|
committer | Adhemerval Zanella <adhemerval.zanella@linaro.org> | 2021-01-12 09:50:54 -0300 |
commit | f430293d842031f2afc3013f156e1018065e480e (patch) | |
tree | 0d2f41076707b5b25b41124ba169e0a7dab0a542 | |
parent | 0400f928335a5e04c788e1c831d8825d42612c49 (diff) | |
download | glibc-f430293d842031f2afc3013f156e1018065e480e.zip glibc-f430293d842031f2afc3013f156e1018065e480e.tar.gz glibc-f430293d842031f2afc3013f156e1018065e480e.tar.bz2 |
posix: consume less entropy on tempname
The first getrandom is used only for __GT_NOCREATE, which is inherently
insecure and can use the entropy as a small improvement. On the
second and later attempts it might help against DoS attacks.
It sync with gnulib commit 854fbb81d91f7a0f2b463e7ace2499dee2f380f2.
Checked on x86_64-linux-gnu.
-rw-r--r-- | sysdeps/posix/tempname.c | 17 |
1 files changed, 14 insertions, 3 deletions
diff --git a/sysdeps/posix/tempname.c b/sysdeps/posix/tempname.c index f199b25..5f804b3 100644 --- a/sysdeps/posix/tempname.c +++ b/sysdeps/posix/tempname.c @@ -22,6 +22,7 @@ #include <sys/types.h> #include <assert.h> +#include <stdbool.h> #include <errno.h> @@ -77,11 +78,11 @@ typedef uint_fast64_t random_value; #define BASE_62_POWER (62LL * 62 * 62 * 62 * 62 * 62 * 62 * 62 * 62 * 62) static random_value -random_bits (random_value var) +random_bits (random_value var, bool use_getrandom) { random_value r; /* Without GRND_NONBLOCK it can be blocked for minutes on some systems. */ - if (__getrandom (&r, sizeof r, GRND_NONBLOCK) == sizeof r) + if (use_getrandom && __getrandom (&r, sizeof r, GRND_NONBLOCK) == sizeof r) return r; #if _LIBC || (defined CLOCK_MONOTONIC && HAVE_CLOCK_GETTIME) /* Add entropy if getrandom did not work. */ @@ -269,6 +270,13 @@ try_tempname_len (char *tmpl, int suffixlen, void *args, /* How many random base-62 digits can currently be extracted from V. */ int vdigits = 0; + /* Whether to consume entropy when acquiring random bits. On the + first try it's worth the entropy cost with __GT_NOCREATE, which + is inherently insecure and can use the entropy to make it a bit + less secure. On the (rare) second and later attempts it might + help against DoS attacks. */ + bool use_getrandom = tryfunc == try_nocreate; + /* Least unfair value for V. If V is less than this, V can generate BASE_62_DIGITS digits fairly. Otherwise it might be biased. */ random_value const unfair_min @@ -292,7 +300,10 @@ try_tempname_len (char *tmpl, int suffixlen, void *args, if (vdigits == 0) { do - v = random_bits (v); + { + v = random_bits (v, use_getrandom); + use_getrandom = true; + } while (unfair_min <= v); vdigits = BASE_62_DIGITS; |