|
Lines 6-12
Link Here
|
| 6 |
#include <string.h> /* memset(), memcpy() */ |
6 |
#include <string.h> /* memset(), memcpy() */ |
| 7 |
#include <assert.h> |
7 |
#include <assert.h> |
| 8 |
#include <limits.h> /* UINT_MAX */ |
8 |
#include <limits.h> /* UINT_MAX */ |
| 9 |
#include <time.h> /* time() */ |
9 |
|
|
|
10 |
#ifdef COMPILED_FROM_DSP |
| 11 |
#define getpid GetCurrentProcessId |
| 12 |
#else |
| 13 |
#include <sys/time.h> /* gettimeofday() */ |
| 14 |
#include <sys/types.h> /* getpid() */ |
| 15 |
#include <unistd.h> /* getpid() */ |
| 16 |
#endif |
| 10 |
|
17 |
|
| 11 |
#define XML_BUILDING_EXPAT 1 |
18 |
#define XML_BUILDING_EXPAT 1 |
| 12 |
|
19 |
|
|
Lines 432-438
static ELEMENT_TYPE *
Link Here
|
| 432 |
getElementType(XML_Parser parser, const ENCODING *enc, |
439 |
getElementType(XML_Parser parser, const ENCODING *enc, |
| 433 |
const char *ptr, const char *end); |
440 |
const char *ptr, const char *end); |
| 434 |
|
441 |
|
| 435 |
static unsigned long generate_hash_secret_salt(void); |
442 |
static unsigned long generate_hash_secret_salt(XML_Parser parser); |
| 436 |
static XML_Bool startParsing(XML_Parser parser); |
443 |
static XML_Bool startParsing(XML_Parser parser); |
| 437 |
|
444 |
|
| 438 |
static XML_Parser |
445 |
static XML_Parser |
|
Lines 691-701
static const XML_Char implicitContext[] = {
Link Here
|
| 691 |
}; |
698 |
}; |
| 692 |
|
699 |
|
| 693 |
static unsigned long |
700 |
static unsigned long |
| 694 |
generate_hash_secret_salt(void) |
701 |
gather_time_entropy(void) |
| 695 |
{ |
702 |
{ |
| 696 |
unsigned int seed = time(NULL) % UINT_MAX; |
703 |
#ifdef COMPILED_FROM_DSP |
| 697 |
srand(seed); |
704 |
FILETIME ft; |
| 698 |
return rand(); |
705 |
GetSystemTimeAsFileTime(&ft); /* never fails */ |
|
|
706 |
return ft.dwHighDateTime ^ ft.dwLowDateTime; |
| 707 |
#else |
| 708 |
struct timeval tv; |
| 709 |
int gettimeofday_res; |
| 710 |
|
| 711 |
gettimeofday_res = gettimeofday(&tv, NULL); |
| 712 |
assert (gettimeofday_res == 0); |
| 713 |
|
| 714 |
/* Microseconds time is <20 bits entropy */ |
| 715 |
return tv.tv_usec; |
| 716 |
#endif |
| 717 |
} |
| 718 |
|
| 719 |
static unsigned long |
| 720 |
generate_hash_secret_salt(XML_Parser parser) |
| 721 |
{ |
| 722 |
/* Process ID is 0 bits entropy if attacker has local access |
| 723 |
* XML_Parser address is few bits of entropy if attacker has local access */ |
| 724 |
const unsigned long entropy = |
| 725 |
gather_time_entropy() ^ getpid() ^ (unsigned long)parser; |
| 726 |
|
| 727 |
/* Factors are 2^31-1 and 2^61-1 (Mersenne primes M31 and M61) */ |
| 728 |
if (sizeof(unsigned long) == 4) { |
| 729 |
return entropy * 2147483647; |
| 730 |
} else { |
| 731 |
return entropy * 2305843009213693951; |
| 732 |
} |
| 699 |
} |
733 |
} |
| 700 |
|
734 |
|
| 701 |
static XML_Bool /* only valid for root parser */ |
735 |
static XML_Bool /* only valid for root parser */ |
|
Lines 703-709
startParsing(XML_Parser parser)
Link Here
|
| 703 |
{ |
737 |
{ |
| 704 |
/* hash functions must be initialized before setContext() is called */ |
738 |
/* hash functions must be initialized before setContext() is called */ |
| 705 |
if (hash_secret_salt == 0) |
739 |
if (hash_secret_salt == 0) |
| 706 |
hash_secret_salt = generate_hash_secret_salt(); |
740 |
hash_secret_salt = generate_hash_secret_salt(parser); |
| 707 |
if (ns) { |
741 |
if (ns) { |
| 708 |
/* implicit context only set for root parser, since child |
742 |
/* implicit context only set for root parser, since child |
| 709 |
parsers (i.e. external entity parsers) will inherit it |
743 |
parsers (i.e. external entity parsers) will inherit it |
| 710 |
- |
|
|