e8f3aa2469
- security update: initialize random generator, CVE-2015-9019 [bsc#934119] OBS-URL: https://build.opensuse.org/request/show/486299 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libxslt?expand=0&rev=57
commit 047a0fd99e64c554c4edf44cc67ee765b09af017
Author: Marcus Meissner <meissner@suse.de>
Date: Tue Apr 4 16:27:39 2017 +0200
initialize the random seed
diff --git a/libexslt/math.c b/libexslt/math.c
index 6b24dbe0..b7a8d6e1 100644
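--- a/libexslt/math.c
+++ b/libexslt/math.c
@@ -23,6 +23,14 @@
 #ifdef HAVE_STDLIB_H
 #include <stdlib.h>
 #endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#include <fcntl.h>
+#ifdef HAVE_TIME_H
+#include <time.h>
+#endif
+
 
 #include "exslt.h"
 
@@ -474,6 +482,20 @@ static double
 exsltMathRandom (void) {
 double ret;
 int num;
+ long seed;
+ static int randinit = 0;
+
+ if (!randinit) {
+ int fd = open("/dev/urandom",O_RDONLY);
+
+ seed = time(NULL); /* just in case /dev/urandom is not there */
+ if (fd != -1) {
+ read (fd, &seed, sizeof(seed));
+ close (fd);
+ }
+ srand(seed);
+ randinit = 1;
+ }
 
 num = rand();
 ret = (double)num / (double)RAND_MAX;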
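Review bot: The result of `read (fd, &seed, sizeof(seed));` in the second hunk is discarded, so a failed or short read silently leaves `seed` at (or partly at) the `time(NULL)` value, which anyone who knows roughly when the process started can guess. Checking the length, e.g. `if (read(fd, &seed, sizeof(seed)) != (ssize_t)sizeof(seed)) seed = time(NULL);`, makes the fallback explicit and avoids a half-filled seed. `srand()` takes an `unsigned int`, so the `long` is narrowed before use and `rand()` stays a non-cryptographic generator; a comment such as `/* rand() is not a CSPRNG: math:random() output must not be used for tokens or keys */` would state what this fix does and does not provide. The `randinit` flag is a plain `static int`, so concurrent first calls can race, and in the first hunk `<fcntl.h>` is included unconditionally while `<unistd.h>` and `<time.h>` are guarded even though `read`, `close` and `time` are called without a matching guard. The body of exsltMathRandom continues past the end of the hunk.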