From patchwork Thu Apr 4 08:31:42 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adhemerval Zanella Netto X-Patchwork-Id: 161767 Delivered-To: patch@linaro.org Received: by 2002:a02:c6d8:0:0:0:0:0 with SMTP id r24csp1313378jan; Thu, 4 Apr 2019 01:32:00 -0700 (PDT) X-Google-Smtp-Source: APXvYqzLLgTq4XiYES35n12FfvlvTHTpy+9LbQS3sozobyIJugRNfVw7ujwC+hwMJ77yoG7jo0x3 X-Received: by 2002:aa7:9088:: with SMTP id i8mr4590570pfa.118.1554366720119; Thu, 04 Apr 2019 01:32:00 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1554366720; cv=none; d=google.com; s=arc-20160816; b=bCqS75hPt1CnFC8RzpSq2VEbK3jndjmBPxRM51hiiUR9rh9d1eN19A8xgnyVxZDUvy K4zYBQf2LLxo62Z9xVutyKiIEyVu05nNCVFUCwW+bBfKLMo0KPBX4LEYYSonISCUfAjB FLxQyUFY0R0wfrxOgZcHUd5q7ch2vNS/2d+s2mik7miAy/irs289PmEjSHCih/n5GyEE wUN0wNh/vmfcXLfZ3smmzpAj/koXFarjB9qAa5ipA2JoC4ZDtaBW6N2l+KRjx5jCoW0k uvjfcuoyZqnTNV4SdpBfiygHH0jCJRHy2NgWAnDb9Rs0C4drFLhy7BtltjG8Qfz2PIEM T+PQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:dkim-signature:delivered-to:sender:list-help:list-post :list-archive:list-subscribe:list-unsubscribe:list-id:precedence :mailing-list:dkim-signature:domainkey-signature; bh=HzAYyWAucIscxzivB8caCdAmPVI/6JsJyMDteQgOYcw=; b=YmoCeiwG0svk+hxuufszKoVNINGybGULL6cTcH2NjyTAeTH6Hf2kBLuI9mNQFH+wYN ZYLpocs6ReJ6RV86T1SnmV5ERwhIUccawB3XdV5Lwj3DPjP6w+P4cFAU8f2zNBLtUpKa iVCcSih5csnMUk9dcQtJ4Oh6K6yTNbpkShWt3+572KdtYfaB7FQn6PyGyzy7l+mGGeFx hTTIkPlt5qBrY+UYN/A+vgV5xhUGtwSsJGPhlt91Yi4oAR/xJ45+aL9HG8Q3N/WLocbT xbqqj8M0j7QuhGR/6nl5qsGGMWlIQhrMzI6zGokPKQ2dcR5q7c2htKxjI+gXIYVWvTiA 0mrQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@sourceware.org header.s=default header.b=vw1u1kz9; dkim=pass header.i=@linaro.org header.s=google header.b="xw4YCZ/n"; spf=pass (google.com: domain of libc-alpha-return-101178-patch=linaro.org@sourceware.org designates 209.132.180.131 as permitted sender) smtp.mailfrom="libc-alpha-return-101178-patch=linaro.org@sourceware.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from sourceware.org (server1.sourceware.org. [209.132.180.131]) by mx.google.com with ESMTPS id p61si15194917plb.16.2019.04.04.01.31.59 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 04 Apr 2019 01:32:00 -0700 (PDT) Received-SPF: pass (google.com: domain of libc-alpha-return-101178-patch=linaro.org@sourceware.org designates 209.132.180.131 as permitted sender) client-ip=209.132.180.131; Authentication-Results: mx.google.com; dkim=pass header.i=@sourceware.org header.s=default header.b=vw1u1kz9; dkim=pass header.i=@linaro.org header.s=google header.b="xw4YCZ/n"; spf=pass (google.com: domain of libc-alpha-return-101178-patch=linaro.org@sourceware.org designates 209.132.180.131 as permitted sender) smtp.mailfrom="libc-alpha-return-101178-patch=linaro.org@sourceware.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:from:to:cc:subject:date:message-id :mime-version:content-transfer-encoding; q=dns; s=default; b=rdm EH3iHj/JIZY5D04xeqYuhvD7X+kyoO+vEckXDs4MjECE5nn/32AGHnfhca9K+p/4 W9xGxd8QUa9Jf8vg96PFkah84jhgXAPnkV2aBkUIHwSpSuCzm/iIceJRQKm4vGnh BORpYQ9ss9JQiYWzr0WIK3ESb9hjpoctFP7obrnk= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:from:to:cc:subject:date:message-id :mime-version:content-transfer-encoding; s=default; bh=zyTXOdNlp uMOoGddwlY5eB1HB/g=; b=vw1u1kz9HxIozffnkQhq4cG+nqoB5hdCGZabfJp5B KeZnhNjepGb1Rb7VkA2ZOFKrizH36jLXOkBXPmJ+X0DBTrZcUSSU3d/kV38wQ7xs JAKQdbFIzkjxCzZhk6PCz9OOU+d641zH5w/FfMQHo+Pr/d8fo0P7qElRMoW9DCDz Xg= Received: (qmail 105400 invoked by alias); 4 Apr 2019 08:31:52 -0000 Mailing-List: contact libc-alpha-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Unsubscribe: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: libc-alpha-owner@sourceware.org Delivered-To: mailing list libc-alpha@sourceware.org Received: (qmail 104970 invoked by uid 89); 4 Apr 2019 08:31:51 -0000 Authentication-Results: sourceware.org; auth=none X-Spam-SWARE-Status: No, score=-22.7 required=5.0 tests=AWL, BAYES_00, GIT_PATCH_0, GIT_PATCH_1, GIT_PATCH_2, GIT_PATCH_3, KAM_SHORT, RCVD_IN_DNSWL_NONE, SPF_PASS autolearn=ham version=3.3.1 spammy=1627, POSIX, HX-Received:92d5, mkdir X-HELO: mail-pf1-f195.google.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=HzAYyWAucIscxzivB8caCdAmPVI/6JsJyMDteQgOYcw=; b=xw4YCZ/nsnROy+OkwYOoLxwoGrvxLuAUqgu49gf85RU9elBRbBHhr+1GFuALaS7q6+ hI+C94NS6aoqORMsNIJSOa3o9OlywJiGurB8TpfLQYPszhT5ftRfnNbYui/c01s6ocbB PLv9WAwTOe98NPF3RdlRqFa1InbOaWSjrY0mqwhxJ4189IT8i++bupKn8UyZ0Mfcf9WP 3kV2bFX9agQ2X2aVNkwAHqcFO+o0EUUwwawrjhnC10BOz5hG/zVN2cPaVNc/igR2wCRF LQso1BhZ0lFYB+8hz0at3kIMzhCBXGTH9hCrlTR/F/XtH3jcDGGCKABy30Swx1LjNceg jNGQ== Return-Path: From: adhemerval.zanella@linaro.org To: libc-alpha@sourceware.org Cc: Adhemerval Zanella Subject: [PATCH] posix: Fix __gen_tempname iteration entropy (BZ#15813) Date: Thu, 4 Apr 2019 15:31:42 +0700 Message-Id: <20190404083142.30008-1-adhemerval.zanella@linaro.org> MIME-Version: 1.0 From: Adhemerval Zanella Patch "Do not use HP_TIMING_NOW for random bits (359653aaacad4)" fixed mostly of the __gen_tempname issues described by BZ#15813. This patch fixes the remaining one by adding a extra call to random_bits for eac iteration while trying to create the random name. The patch also cleanups the tempname implementation since now it deviates from gnulib counterpart. Checked on powerpc64le-linux-gnu. [BZ #15813] * sysdeps/posix/tempname.c: Remove ununsed includes, redundant definitions, and defines used only for gnulib. (__gen_tempname): Set number of attemps to TMP_MAX and use random_bits on eachh iteration. --- ChangeLog | 8 ++++ sysdeps/posix/tempname.c | 97 ++++------------------------------------ 2 files changed, 17 insertions(+), 88 deletions(-) -- 2.19.1 diff --git a/sysdeps/posix/tempname.c b/sysdeps/posix/tempname.c index de346949b2..ccbab46029 100644 --- a/sysdeps/posix/tempname.c +++ b/sysdeps/posix/tempname.c @@ -15,88 +15,18 @@ License along with the GNU C Library; if not, see . */ -#if !_LIBC -# include -# include "tempname.h" -#endif - -#include -#include - -#include -#ifndef __set_errno -# define __set_errno(Val) errno = (Val) -#endif - #include -#ifndef P_tmpdir -# define P_tmpdir "/tmp" -#endif -#ifndef TMP_MAX -# define TMP_MAX 238328 -#endif -#ifndef __GT_FILE -# define __GT_FILE 0 -# define __GT_DIR 1 -# define __GT_NOCREATE 2 -#endif -#if !_LIBC && (GT_FILE != __GT_FILE || GT_DIR != __GT_DIR \ - || GT_NOCREATE != __GT_NOCREATE) -# error report this to bug-gnulib@gnu.org -#endif - -#include -#include -#include - -#include -#include -#include #include +#include +#include +#include +#include -#include - -#if _LIBC -# define struct_stat64 struct stat64 -# define __secure_getenv __libc_secure_getenv -#else -# define struct_stat64 struct stat -# define __gen_tempname gen_tempname -# define __getpid getpid -# define __gettimeofday gettimeofday -# define __mkdir mkdir -# define __open open -# define __lxstat64(version, file, buf) lstat (file, buf) -# define __secure_getenv secure_getenv -#endif - -#ifdef _LIBC -# include -# define RANDOM_BITS(Var) ((Var) = random_bits ()) -# else -# define RANDOM_BITS(Var) \ - { \ - struct timeval tv; \ - __gettimeofday (&tv, NULL); \ - (Var) = ((uint64_t) tv.tv_usec << 16) ^ tv.tv_sec; \ - } -#endif - -/* Use the widest available unsigned type if uint64_t is not - available. The algorithm below extracts a number less than 62**6 - (approximately 2**35.725) from uint64_t, so ancient hosts where - uintmax_t is only 32 bits lose about 3.725 bits of randomness, - which is better than not having mkstemp at all. */ -#if !defined UINT64_MAX && !defined uint64_t -# define uint64_t uintmax_t -#endif - -#if _LIBC /* Return nonzero if DIR is an existent directory. */ static int direxists (const char *dir) { - struct_stat64 buf; + struct stat64 buf; return __xstat64 (_STAT_VER, dir, &buf) == 0 && S_ISDIR (buf.st_mode); } @@ -127,7 +57,7 @@ __path_search (char *tmpl, size_t tmpl_len, const char *dir, const char *pfx, if (try_tmpdir) { - d = __secure_getenv ("TMPDIR"); + d = __libc_secure_getenv ("TMPDIR"); if (d != NULL && direxists (d)) dir = d; else if (dir != NULL && direxists (dir)) @@ -162,7 +92,6 @@ __path_search (char *tmpl, size_t tmpl_len, const char *dir, const char *pfx, sprintf (tmpl, "%.*s/%.*sXXXXXX", (int) dlen, dir, (int) plen, pfx); return 0; } -#endif /* _LIBC */ /* These are the characters used in temporary file names. */ static const char letters[] = @@ -190,7 +119,7 @@ __gen_tempname (char *tmpl, int suffixlen, int flags, int kind) unsigned int count; int fd = -1; int save_errno = errno; - struct_stat64 st; + struct stat64 st; /* A lower bound on the number of temporary files to attempt to generate. The maximum total number of temporary file names that @@ -198,15 +127,7 @@ __gen_tempname (char *tmpl, int suffixlen, int flags, int kind) necessary to try all of these combinations. Instead if a reasonable number of names is tried (we define reasonable as 62**3) fail to give the system administrator the chance to remove the problems. */ -#define ATTEMPTS_MIN (62 * 62 * 62) - - /* The number of times to attempt to generate a temporary file. To - conform to POSIX, this must be no smaller than TMP_MAX. */ -#if ATTEMPTS_MIN < TMP_MAX unsigned int attempts = TMP_MAX; -#else - unsigned int attempts = ATTEMPTS_MIN; -#endif len = strlen (tmpl); if (len < 6 + suffixlen || memcmp (&tmpl[len - 6 - suffixlen], "XXXXXX", 6)) @@ -219,10 +140,10 @@ __gen_tempname (char *tmpl, int suffixlen, int flags, int kind) XXXXXX = &tmpl[len - 6 - suffixlen]; /* Get some more or less random data. */ - RANDOM_BITS (value); + value = random_bits (); value ^= (uint64_t)__getpid () << 32; - for (count = 0; count < attempts; value += 7777, ++count) + for (count = 0; count < attempts; value += random_bits (), ++count) { uint64_t v = value;