mollyim/unbound
1
0
Fork 0
mirror of https://github.com/mollyim/unbound.git synced 2025-05-15 06:40:36 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

- Upgrade compat/getentropy_osx.c to version 1.12 from OpenBSD.

Browse source
This commit is contained in:
W.C.A. Wijngaards 2019-11-20 13:12:36 +01:00
parent 3ebc480690
commit d085a0039b
2 changed files with 26 additions and 40 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

65
compat/getentropy_osx.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: getentropy_osx.c,v 1.3 2014/07/12 14:48:00 deraadt Exp $ */ /* $OpenBSD: getentropy_osx.c,v 1.12 2018/11/20 08:04:28 deraadt Exp $ */
/* /*
* Copyright (c) 2014 Theo de Raadt <deraadt@openbsd.org> * Copyright (c) 2014 Theo de Raadt <deraadt@openbsd.org>
@ -15,9 +15,12 @@
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*
* Emulation of getentropy(2) as documented at:
* http://man.openbsd.org/getentropy.2
*/ */
#include "config.h"
#include <TargetConditionals.h>
#include <sys/types.h> #include <sys/types.h>
#include <sys/param.h> #include <sys/param.h>
#include <sys/ioctl.h> #include <sys/ioctl.h>
@ -43,14 +46,18 @@
#include <mach/mach_time.h> #include <mach/mach_time.h>
#include <mach/mach_host.h> #include <mach/mach_host.h>
#include <mach/host_info.h> #include <mach/host_info.h>
#if TARGET_OS_OSX
#include <sys/socketvar.h> #include <sys/socketvar.h>
#include <sys/vmmeter.h> #include <sys/vmmeter.h>
#endif
#include <netinet/in.h> #include <netinet/in.h>
#include <netinet/tcp.h> #include <netinet/tcp.h>
#if TARGET_OS_OSX
#include <netinet/udp.h> #include <netinet/udp.h>
#include <netinet/ip_var.h> #include <netinet/ip_var.h>
#include <netinet/tcp_var.h> #include <netinet/tcp_var.h>
#include <netinet/udp_var.h> #include <netinet/udp_var.h>
#endif
#include <CommonCrypto/CommonDigest.h> #include <CommonCrypto/CommonDigest.h>
#define SHA512_Update(a, b, c) (CC_SHA512_Update((a), (b), (c))) #define SHA512_Update(a, b, c) (CC_SHA512_Update((a), (b), (c)))
#define SHA512_Init(xxx) (CC_SHA512_Init((xxx))) #define SHA512_Init(xxx) (CC_SHA512_Init((xxx)))
@ -75,10 +82,6 @@
int getentropy(void *buf, size_t len); int getentropy(void *buf, size_t len);
#ifdef CAN_REFERENCE_MAIN
extern int main(int, char *argv[]);
#endif
static int gotdata(char *buf, size_t len);
static int getentropy_urandom(void *buf, size_t len); static int getentropy_urandom(void *buf, size_t len);
static int getentropy_fallback(void *buf, size_t len); static int getentropy_fallback(void *buf, size_t len);
@ -89,7 +92,7 @@ getentropy(void *buf, size_t len)
if (len > 256) { if (len > 256) {
errno = EIO; errno = EIO;
return -1; return (-1);
} }
/* /*
@ -138,22 +141,6 @@ getentropy(void *buf, size_t len)
return (ret); return (ret);
} }
/*
* Basic sanity checking; wish we could do better.
*/
static int
gotdata(char *buf, size_t len)
{
char any_set = 0;
size_t i;
for (i = 0; i < len; ++i)
any_set |= buf[i];
if (any_set == 0)
return -1;
return 0;
}
static int static int
getentropy_urandom(void *buf, size_t len) getentropy_urandom(void *buf, size_t len)
{ {
@ -188,7 +175,7 @@ start:
} }
for (i = 0; i < len; ) { for (i = 0; i < len; ) {
size_t wanted = len - i; size_t wanted = len - i;
ssize_t ret = read(fd, (char*)buf + i, wanted); ssize_t ret = read(fd, (char *)buf + i, wanted);
if (ret == -1) { if (ret == -1) {
if (errno == EAGAIN || errno == EINTR) if (errno == EAGAIN || errno == EINTR)
@ -199,18 +186,18 @@ start:
i += ret; i += ret;
} }
close(fd); close(fd);
if (gotdata(buf, len) == 0) { errno = save_errno;
errno = save_errno; return (0); /* satisfied */
return 0; /* satisfied */
}
nodevrandom: nodevrandom:
errno = EIO; errno = EIO;
return -1; return (-1);
} }
#if TARGET_OS_OSX
static int tcpmib[] = { CTL_NET, AF_INET, IPPROTO_TCP, TCPCTL_STATS }; static int tcpmib[] = { CTL_NET, AF_INET, IPPROTO_TCP, TCPCTL_STATS };
static int udpmib[] = { CTL_NET, AF_INET, IPPROTO_UDP, UDPCTL_STATS }; static int udpmib[] = { CTL_NET, AF_INET, IPPROTO_UDP, UDPCTL_STATS };
static int ipmib[] = { CTL_NET, AF_INET, IPPROTO_IP, IPCTL_STATS }; static int ipmib[] = { CTL_NET, AF_INET, IPPROTO_IP, IPCTL_STATS };
#endif
static int kmib[] = { CTL_KERN, KERN_USRSTACK }; static int kmib[] = { CTL_KERN, KERN_USRSTACK };
static int hwmib[] = { CTL_HW, HW_USERMEM }; static int hwmib[] = { CTL_HW, HW_USERMEM };
@ -230,9 +217,11 @@ getentropy_fallback(void *buf, size_t len)
pid_t pid; pid_t pid;
size_t i, ii, m; size_t i, ii, m;
char *p; char *p;
#if TARGET_OS_OSX
struct tcpstat tcpstat; struct tcpstat tcpstat;
struct udpstat udpstat; struct udpstat udpstat;
struct ipstat ipstat; struct ipstat ipstat;
#endif
u_int64_t mach_time; u_int64_t mach_time;
unsigned int idata; unsigned int idata;
void *addr; void *addr;
@ -267,6 +256,7 @@ getentropy_fallback(void *buf, size_t len)
HX(sysctl(hwmib, sizeof(hwmib) / sizeof(hwmib[0]), HX(sysctl(hwmib, sizeof(hwmib) / sizeof(hwmib[0]),
&idata, &ii, NULL, 0) == -1, idata); &idata, &ii, NULL, 0) == -1, idata);
#if TARGET_OS_OSX
ii = sizeof(tcpstat); ii = sizeof(tcpstat);
HX(sysctl(tcpmib, sizeof(tcpmib) / sizeof(tcpmib[0]), HX(sysctl(tcpmib, sizeof(tcpmib) / sizeof(tcpmib[0]),
&tcpstat, &ii, NULL, 0) == -1, tcpstat); &tcpstat, &ii, NULL, 0) == -1, tcpstat);
@ -278,6 +268,7 @@ getentropy_fallback(void *buf, size_t len)
ii = sizeof(ipstat); ii = sizeof(ipstat);
HX(sysctl(ipmib, sizeof(ipmib) / sizeof(ipmib[0]), HX(sysctl(ipmib, sizeof(ipmib) / sizeof(ipmib[0]),
&ipstat, &ii, NULL, 0) == -1, ipstat); &ipstat, &ii, NULL, 0) == -1, ipstat);
#endif
HX((pid = getpid()) == -1, pid); HX((pid = getpid()) == -1, pid);
HX((pid = getsid(pid)) == -1, pid); HX((pid = getsid(pid)) == -1, pid);
@ -295,9 +286,6 @@ getentropy_fallback(void *buf, size_t len)
HX(sigprocmask(SIG_BLOCK, NULL, &sigset) == -1, HX(sigprocmask(SIG_BLOCK, NULL, &sigset) == -1,
sigset); sigset);
#ifdef CAN_REFERENCE_MAIN
HF(main); /* an addr in program */
#endif
HF(getentropy); /* an addr in this library */ HF(getentropy); /* an addr in this library */
HF(printf); /* an addr in libc */ HF(printf); /* an addr in libc */
p = (char *)&p; p = (char *)&p;
@ -419,14 +407,11 @@ getentropy_fallback(void *buf, size_t len)
} }
SHA512_Final(results, &ctx); SHA512_Final(results, &ctx);
memcpy((char*)buf + i, results, min(sizeof(results), len - i)); memcpy((char *)buf + i, results, min(sizeof(results), len - i));
i += min(sizeof(results), len - i); i += min(sizeof(results), len - i);
} }
memset(results, 0, sizeof results); explicit_bzero(&ctx, sizeof ctx);
if (gotdata(buf, len) == 0) { explicit_bzero(results, sizeof results);
errno = save_errno; errno = save_errno;
return 0; /* satisfied */ return (0); /* satisfied */
}
errno = EIO;
return -1;
} }

1
doc/Changelog
View file

@ -22,6 +22,7 @@
- Synchronize compat/getentropy_win.c with version 1.5 from - Synchronize compat/getentropy_win.c with version 1.5 from
OpenBSD, no changes but makes the file, comments, identical. OpenBSD, no changes but makes the file, comments, identical.
- Upgrade compat/getentropy_solaris.c to version 1.13 from OpenBSD. - Upgrade compat/getentropy_solaris.c to version 1.13 from OpenBSD.
- Upgrade compat/getentropy_osx.c to version 1.12 from OpenBSD.
19 November 2019: Wouter 19 November 2019: Wouter
- Fix CVE-2019-18934, shell execution in ipsecmod. - Fix CVE-2019-18934, shell execution in ipsecmod.