Ticket #22919: 0001-Bug-22919-Force-better-random-numbers-for-HTML-Forum.patch

File 0001-Bug-22919-Force-better-random-numbers-for-HTML-Forum.patch, 2.4 KB (added by cypherpunks, 14 months ago)
  • dom/html/HTMLFormSubmission.cpp

    Subject: [PATCH 1/1] Bug 22919: Force better random numbers for HTML Form Boundary
    
    ---
     dom/html/HTMLFormSubmission.cpp | 37 ++++++++++++++++++++++++++++++---
     1 file changed, 34 insertions(+), 3 deletions(-)
    
    diff --git a/dom/html/HTMLFormSubmission.cpp b/dom/html/HTMLFormSubmission.cpp
    index d6269a7ca..a967947f9 100644
    a b  
    3535#include "nsCExternalHandlerService.h"
    3636#include "nsIFileStreams.h"
    3737#include "nsContentUtils.h"
     38#include "nsIRandomGenerator.h"
    3839
    3940#include "mozilla/dom/Directory.h"
    4041#include "mozilla/dom/EncodingUtils.h"
    FSURLEncoded::URLEncode(const nsAString& aStr, nsACString& aEncoded) 
    426427
    427428// --------------------------------------------------------------------------
    428429
     430static void
     431GenerateGlobalRandomBytes(unsigned char *buf, int32_t len)
     432{
     433  // Attempt to generate bytes from system entropy-based RNG.
     434  nsCOMPtr<nsIRandomGenerator> randomGenerator(do_GetService("@mozilla.org/security/random-generator;1"));
     435  MOZ_ASSERT(randomGenerator, "nsIRandomGenerator service not retrievable");
     436  uint8_t *tempBuffer;
     437  nsresult rv = randomGenerator->GenerateRandomBytes(len, &tempBuffer);
     438  if (NS_SUCCEEDED(rv))
     439  {
     440    memcpy(buf, tempBuffer, len);
     441    free(tempBuffer);
     442    return;
     443  }
     444  // nsIRandomGenerator failed -- fall back to low entropy PRNG.
     445  static bool firstTime = true;
     446   if (firstTime)
     447   {
     448     // Seed the random-number generator with current time so that
     449     // the numbers will be different every time we run.
     450     srand( (unsigned)PR_Now() );
     451   }
     452
     453  for( int32_t i = 0; i < len; i++ ) {
     454      buf[i] = rand() % 256;
     455   }
     456}
     457
    429458FSMultipartFormData::FSMultipartFormData(const nsACString& aCharset,
    430459                                         nsIContent* aOriginatingElement)
    431460    : EncodingFormSubmission(aCharset, aOriginatingElement)
    432461{
     462  unsigned char rand_buf[4];
     463  GenerateGlobalRandomBytes(rand_buf, 3);
    433464  mPostDataStream =
    434465    do_CreateInstance("@mozilla.org/io/multiplex-input-stream;1");
    435466  mTotalLength = 0;
    436467
    437468  mBoundary.AssignLiteral("---------------------------");
    438   mBoundary.AppendInt(rand());
    439   mBoundary.AppendInt(rand());
    440   mBoundary.AppendInt(rand());
     469  mBoundary.AppendInt(rand_buf[0]);
     470  mBoundary.AppendInt(rand_buf[1]);
     471  mBoundary.AppendInt(rand_buf[2]);
    441472}
    442473
    443474FSMultipartFormData::~FSMultipartFormData()