summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMatthieu Herrb <matthieu@herrb.eu>2017-02-28 19:18:43 +0100
committerAdam Jackson <ajax@redhat.com>2017-02-28 14:18:26 -0500
commitab15f65fe5d6d50e705c1064a6a5c1a0c2a8e045 (patch)
tree05e009185721815e12a56c71e7c4d7af9f1ea6fe
parent3f61c7a09b220805ee6778f4bf2f429e3df8e37a (diff)
Use arc4random_buf(3) if available to generate cookies.
Reviewed-by: Adam Jackson <ajax@redhat.com> Signed-off-by: Matthieu Herrb <matthieu@herrb.eu> (cherry picked from commit 957e8db38f27932d353e86e9aa69cf16778b18f1)
-rw-r--r--configure.ac2
-rw-r--r--include/dix-config.h.in6
-rw-r--r--os/auth.c7
3 files changed, 15 insertions, 0 deletions
diff --git a/configure.ac b/configure.ac
index 62cd547ef..610de09b4 100644
--- a/configure.ac
+++ b/configure.ac
@@ -225,6 +225,8 @@ AC_REPLACE_FUNCS([reallocarray strcasecmp strcasestr strlcat strlcpy strndup\
timingsafe_memcmp])
AM_CONDITIONAL(POLL, [test "x$ac_cv_func_poll" = "xyes"])
+AC_CHECK_LIB([bsd], [arc4random_buf])
+
AC_CHECK_DECLS([program_invocation_short_name], [], [], [[#include <errno.h>]])
dnl Check for SO_PEERCRED #define
diff --git a/include/dix-config.h.in b/include/dix-config.h.in
index 4b86c1a3c..d357910a6 100644
--- a/include/dix-config.h.in
+++ b/include/dix-config.h.in
@@ -125,6 +125,9 @@
/* Build a standalone xpbproxy */
#undef STANDALONE_XPBPROXY
+/* Define to 1 if you have the `bsd' library (-lbsd). */
+#undef HAVE_LIBBSD
+
/* Define to 1 if you have the `m' library (-lm). */
#undef HAVE_LIBM
@@ -161,6 +164,9 @@
/* Define to 1 if you have the <rpcsvc/dbm.h> header file. */
#undef HAVE_RPCSVC_DBM_H
+/* Define to 1 if you have the `arc4random_buf' function. */
+#undef HAVE_ARC4RANDOM_BUF
+
/* Define to use libc SHA1 functions */
#undef HAVE_SHA1_IN_LIBC
diff --git a/os/auth.c b/os/auth.c
index 7da6fc6ed..81164a2f5 100644
--- a/os/auth.c
+++ b/os/auth.c
@@ -45,6 +45,9 @@ from The Open Group.
#ifdef WIN32
#include <X11/Xw32defs.h>
#endif
+#ifdef HAVE_LIBBSD
+#include <bsd/stdlib.h> /* for arc4random_buf() */
+#endif
struct protocol {
unsigned short name_length;
@@ -303,11 +306,15 @@ GenerateAuthorization(unsigned name_length,
void
GenerateRandomData(int len, char *buf)
{
+#ifdef HAVE_ARC4RANDOMBUF
+ arc4random_buf(buf, len);
+#else
int fd;
fd = open("/dev/urandom", O_RDONLY);
read(fd, buf, len);
close(fd);
+#endif
}
#endif /* XCSECURITY */