Attachment #171224 for bug #210155

View | Details | Raw Unified | Return to bug 210155
Collapse All | Expand All

Lines 41-46 include_directories(${CMAKE_BINARY_DIR} ${CMAKE_SOURCE_DIR}/lib) Link Here

(-)b/expat/CMakeLists.txt (+3 lines)
41	if(MSVC)	41	if(MSVC)
42	add_definitions(-D_CRT_SECURE_NO_WARNINGS -wd4996)	42	add_definitions(-D_CRT_SECURE_NO_WARNINGS -wd4996)
43	endif(MSVC)	43	endif(MSVC)
		44	if(WIN32)
		45	add_definitions(-DCOMPILED_FROM_DSP)
		46	endif(WIN32)
44		47
45	set(expat_SRCS	48	set(expat_SRCS
46	lib/xmlparse.c	49	lib/xmlparse.c

Lines 6-12 Link Here

(-)b/expat/lib/xmlparse.c (-8 / +41 lines)
6	#include <string.h> /* memset(), memcpy() */	6	#include <string.h> /* memset(), memcpy() */
7	#include <assert.h>	7	#include <assert.h>
8	#include <limits.h> /* UINT_MAX */	8	#include <limits.h> /* UINT_MAX */
9	#include <time.h> /* time() */	9
		10	#ifdef COMPILED_FROM_DSP
		11	#define getpid GetCurrentProcessId
		12	#else
		13	#include <sys/time.h> /* gettimeofday() */
		14	#include <sys/types.h> /* getpid() */
		15	#include <unistd.h> /* getpid() */
		16	#endif
10		17
11	#define XML_BUILDING_EXPAT 1	18	#define XML_BUILDING_EXPAT 1
12		19
Lines 432-438 static ELEMENT_TYPE * Link Here
432	getElementType(XML_Parser parser, const ENCODING *enc,	439	getElementType(XML_Parser parser, const ENCODING *enc,
433	const char ptr, const char end);	440	const char ptr, const char end);
434		441
435	static unsigned long generate_hash_secret_salt(void);	442	static unsigned long generate_hash_secret_salt(XML_Parser parser);
436	static XML_Bool startParsing(XML_Parser parser);	443	static XML_Bool startParsing(XML_Parser parser);
437		444
438	static XML_Parser	445	static XML_Parser
Lines 691-701 static const XML_Char implicitContext[] = { Link Here
691	};	698	};
692		699
693	static unsigned long	700	static unsigned long
694	generate_hash_secret_salt(void)	701	gather_time_entropy(void)
695	{	702	{
696	unsigned int seed = time(NULL) % UINT_MAX;	703	#ifdef COMPILED_FROM_DSP
697	srand(seed);	704	FILETIME ft;
698	return rand();	705	GetSystemTimeAsFileTime(&ft); /* never fails */
		706	return ft.dwHighDateTime ^ ft.dwLowDateTime;
		707	#else
		708	struct timeval tv;
		709	int gettimeofday_res;
		710
		711	gettimeofday_res = gettimeofday(&tv, NULL);
		712	assert (gettimeofday_res == 0);
		713
		714	/* Microseconds time is <20 bits entropy */
		715	return tv.tv_usec;
		716	#endif
		717	}
		718
		719	static unsigned long
		720	generate_hash_secret_salt(XML_Parser parser)
		721	{
		722	/* Process ID is 0 bits entropy if attacker has local access
		723	* XML_Parser address is few bits of entropy if attacker has local access */
		724	const unsigned long entropy =
		725	gather_time_entropy() ^ getpid() ^ (unsigned long)parser;
		726
		727	/* Factors are 2^31-1 and 2^61-1 (Mersenne primes M31 and M61) */
		728	if (sizeof(unsigned long) == 4) {
		729	return entropy * 2147483647;
		730	} else {
		731	return entropy * 2305843009213693951;
		732	}
699	}	733	}
700		734
701	static XML_Bool /* only valid for root parser */	735	static XML_Bool /* only valid for root parser */
Lines 703-709 startParsing(XML_Parser parser) Link Here
703	{	737	{
704	/* hash functions must be initialized before setContext() is called */	738	/* hash functions must be initialized before setContext() is called */
705	if (hash_secret_salt == 0)	739	if (hash_secret_salt == 0)
706	hash_secret_salt = generate_hash_secret_salt();	740	hash_secret_salt = generate_hash_secret_salt(parser);
707	if (ns) {	741	if (ns) {
708	/* implicit context only set for root parser, since child	742	/* implicit context only set for root parser, since child
709	parsers (i.e. external entity parsers) will inherit it	743	parsers (i.e. external entity parsers) will inherit it
710	-

Return to bug 210155