[tbb-commits] [tor-browser-bundle/master] Bug 13169: Don't use /dev/random on Windows.

gk at torproject.org gk at torproject.org
Mon Feb 16 16:15:01 UTC 2015


commit d4950e565f93396ebbd310c71e49576af9224d25
Author: Georg Koppen <gk at torproject.org>
Date:   Mon Feb 16 17:13:47 2015 +0000

    Bug 13169: Don't use /dev/random on Windows.
    
    This patch got done by skruffy and is a backport of the one merged into
    GCC trunk as commit 19fef1633156a2c7ddd267b43d08f1b245a6e1f4.
---
 gitian/descriptors/windows/gitian-utils.yml |    5 ++
 gitian/patches/gcc-dev-random.patch         |   72 +++++++++++++++++++++++++++
 2 files changed, 77 insertions(+)

diff --git a/gitian/descriptors/windows/gitian-utils.yml b/gitian/descriptors/windows/gitian-utils.yml
index 7846e59..bef262d 100644
--- a/gitian/descriptors/windows/gitian-utils.yml
+++ b/gitian/descriptors/windows/gitian-utils.yml
@@ -28,6 +28,7 @@ files:
 - "gmp.tar.bz2"
 - "enable-reloc-section-ld.patch"
 - "peXXigen.patch"
+- "gcc-dev-random.patch"
 - "versions"
 - "dzip.sh"
 script: |
@@ -64,6 +65,10 @@ script: |
   mkdir gcc
   cd gcc
   tar -xjvf ../gcc.tar.bz2
+  cd gcc-*
+  # Don't use /dev/random on Windows. See bug 13169 for details.
+  patch -p1 < ../../gcc-dev-random.patch
+  cd ..
   # We don't want to link against msvcrt.dll due to bug 9084.
   i686-w64-mingw32-g++ -dumpspecs > ~/build/msvcr100.spec
   sed 's/msvcrt/msvcr100/' -i ~/build/msvcr100.spec
diff --git a/gitian/patches/gcc-dev-random.patch b/gitian/patches/gcc-dev-random.patch
new file mode 100644
index 0000000..9757f92
--- /dev/null
+++ b/gitian/patches/gcc-dev-random.patch
@@ -0,0 +1,72 @@
+From b0ce14899060267b5b5e4d7e3d91edcdf5c09514 Mon Sep 17 00:00:00 2001
+From: law <law at 138bc75d-0d04-0410-961f-82ee72b054a4>
+Date: Tue, 10 Feb 2015 01:44:08 +0000
+Subject: [PATCH] * ssp.c (__guard_setup): For Windows, use approved methods
+ to get a suitable random number for the stack check guard
+ rather than reading /dev/random.
+
+git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/trunk@220559 138bc75d-0d04-0410-961f-82ee72b054a4
+---
+ libssp/ChangeLog |    7 +++++++
+ libssp/ssp.c     |   16 ++++++++++++++++
+ 2 files changed, 23 insertions(+)
+
+diff --git a/libssp/ChangeLog b/libssp/ChangeLog
+index a445537..676d2a7 100644
+--- a/libssp/ChangeLog
++++ b/libssp/ChangeLog
+@@ -1,3 +1,10 @@
++2015-02-09  Georg Koppen  <gk at torproject.org>
++
++	* ssp.c: Conditionally include <windows.h>
++	(__guard_setup): For Windows, use approved methods to get
++	a suitable random number for the stack check guard rather
++	than reading /dev/random.
++
+ 2014-07-16  Release Manager
+ 
+ 	* GCC 4.9.1 released.
+diff --git a/libssp/ssp.c b/libssp/ssp.c
+index 96adf17..38e3ec8 100644
+--- a/libssp/ssp.c
++++ b/libssp/ssp.c
+@@ -55,6 +55,7 @@ see the files COPYING3 and COPYING.RUNTIME respectively.  If not, see
+ /* Native win32 apps don't know about /dev/tty but can print directly
+    to the console using  "CONOUT$"   */
+ #if defined (_WIN32) && !defined (__CYGWIN__)
++#include <windows.h>
+ # define _PATH_TTY "CONOUT$"
+ #else
+ # define _PATH_TTY "/dev/tty"
+@@ -75,6 +76,20 @@ __guard_setup (void)
+   if (__stack_chk_guard != 0)
+     return;
+ 
++#if defined (_WIN32) && !defined (__CYGWIN__)
++  HCRYPTPROV hprovider = 0;
++  if (CryptAcquireContext(&hprovider, NULL, NULL, PROV_RSA_FULL,
++                          CRYPT_VERIFYCONTEXT | CRYPT_SILENT))
++    {
++      if (CryptGenRandom(hprovider, sizeof (__stack_chk_guard),
++          (BYTE *)&__stack_chk_guard) &&  __stack_chk_guard != 0)
++        {
++           CryptReleaseContext(hprovider, 0);
++           return;
++        }
++      CryptReleaseContext(hprovider, 0);
++    }
++#else
+   fd = open ("/dev/urandom", O_RDONLY);
+   if (fd != -1)
+     {
+@@ -85,6 +100,7 @@ __guard_setup (void)
+         return;
+     }
+ 
++#endif
+   /* If a random generator can't be used, the protector switches the guard
+      to the "terminator canary".  */
+   p = (unsigned char *) &__stack_chk_guard;
+-- 
+1.7.10.4
+



More information about the tbb-commits mailing list