Re: libxslt math.random issue

[Marcus Meissner <meissner () suse de>]

On Thu, Apr 06, 2017 at 10:32:45AM +0200, Hanno Böck wrote:
> Hi,
>
> On Thu, 6 Apr 2017 07:44:00 +0200
> Marcus Meissner <meissner () suse de> wrote:
>
> > CVE-2015-9019 has been assigned to use of libexslt (in libxslt) usage
> > of "math.random" without initializing the randomseed.
> >
> > https://bugzilla.gnome.org/show_bug.cgi?id=758400
> > https://bugzilla.suse.com/show_bug.cgi?id=934119
>
> I have some questions and comments:
>
> 1. What's the use of the random number and what's the security impact
> if it's not random? That's not explained
> In case of the bugreport.
> In case a cryptographically secure random number is required then using
> rand()/srand() is a bad idea anyway.
> (Unfortunately there's no secure random in the standard libc, but at
> least glibc now has getrandom.).


It is a bit tricky to find out. I googled some use-cases.

- UUID generation was looked for by 1 stackoverflow user
- some harmless randomness in XSLT conversion for selection random pictures

> 2. This part of the patch looks a bit strange:
>
> +     seed = time(NULL); /* just in case /dev/urandom is not there */
> +     if (fd == -1) {
> +             read (fd, &seed, sizeof(seed));
> +             close (fd);
> +     }
>
> You're calling time() unconditionally, although it's kinda just a
> fallback. Why not
> +     if (fd == -1) {
> +             read (fd, &seed, sizeof(seed));
> +             close (fd);
> +     } else {
> +             seed = time(NULL);
> +     }
> ?
>
> (obviously using time is not a secure way to do random numbers, if
> secure numbers are required cross-plattform you need to do this
> otherwise anyway)

it should be fd != -1 , my bad :/

Ciaop, Marcus