Hi, below is an inline patch to avoid using /dev/random on Windows in ssp.c. If that path is used, a local malicious process might be able to supply fake random values (e.g. via C:\dev\random), rendering SSP useless.
Comments/review are much appreciated. The patch is against the 4.9 branch:
From 372698ef051b776cc30e9ebd2aac7291c19ff506 Mon Sep 17 00:00:00 2001
From: Erinn Clark <er...@torproject.org>
Date: Wed, 12 Mar 2014 16:09:10 +0100
Subject: [PATCH] Don't use /dev/random on Windows, because it is not a thing. Apart from that some process might be able to supply fake random data with e.g. c:\dev\urandom rendering SSP useless. This patch was written by skruffy, thanks!
---
 libssp/ssp.c | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
diff --git a/libssp/ssp.c b/libssp/ssp.c
index 96adf17..38e3ec8 100644
--- a/libssp/ssp.c
+++ b/libssp/ssp.c
@@ -55,6 +55,7 @@ see the files COPYING3 and COPYING.RUNTIME respectively. If not, see
 /* Native win32 apps don't know about /dev/tty but can print directly to the console using "CONOUT$" */
 #if defined (_WIN32) && !defined (__CYGWIN__)
+#include <windows.h>
 # define _PATH_TTY "CONOUT$"
 #else
 # define _PATH_TTY "/dev/tty"
@@ -75,6 +76,20 @@ __guard_setup (void)
 if (__stack_chk_guard != 0) return;
+#if defined (_WIN32) && !defined (__CYGWIN__)
+ HCRYPTPROV hprovider = 0;
+ if (CryptAcquireContext(&hprovider, NULL, NULL, PROV_RSA_FULL,
+ CRYPT_VERIFYCONTEXT | CRYPT_SILENT))
+ {
+ if (CryptGenRandom(hprovider, sizeof (__stack_chk_guard),
+ (BYTE *)&__stack_chk_guard) && __stack_chk_guard != 0)
+ {
+ CryptReleaseContext(hprovider, 0);
+ return;
+ }
+ CryptReleaseContext(hprovider, 0);
+ }
+#else
 fd = open ("/dev/urandom", O_RDONLY); if (fd != -1) {
@@ -85,6 +100,7 @@ __guard_setup (void)
 return; }
+#endif
 /* If a random generator can't be used, the protector switches the guard to the "terminator canary". */ p = (unsigned char *) &__stack_chk_guard;
--
1.7.10.4
Georg
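Review bot: The Windows branch added to `__guard_setup` has no comment explaining the flag choice or the failure path, and both matter for a stack-protector guard. I would add above the `CryptAcquireContext` call: `/* CRYPT_VERIFYCONTEXT: no persisted key container is opened; CRYPT_SILENT: the CSP must never show UI. On any failure we fall through to the terminator canary below. */`. That fallthrough leaves the guard at the terminator canary, a fixed value, just as when /dev/urandom cannot be read on other hosts, so it deserves a word in the source. With the `#else` branch compiled out, `fd` appears to be unused on native Windows builds; its declaration, like the rest of the function body, lies outside the hunk.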