[2/3] libdrm: fix more potential security issues

Message ID	1398437920-17394-3-git-send-email-tim.gore@intel.com (mailing list archive)
State	New, archived
Headers	show Return-Path: <intel-gfx-bounces@lists.freedesktop.org> From: tim.gore@intel.com To: intel-gfx@lists.freedesktop.org Date: Fri, 25 Apr 2014 15:58:39 +0100 Message-Id: <1398437920-17394-3-git-send-email-tim.gore@intel.com> In-Reply-To: <1398437920-17394-1-git-send-email-tim.gore@intel.com> References: <1398437920-17394-1-git-send-email-tim.gore@intel.com> Subject: [Intel-gfx] [PATCH 2/3] libdrm: fix more potential security issues Precedence: list MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: intel-gfx-bounces@lists.freedesktop.org Sender: "Intel-gfx" <intel-gfx-bounces@lists.freedesktop.org>

Message ID

1398437920-17394-3-git-send-email-tim.gore@intel.com (mailing list archive)

State

New, archived

Headers

From: tim.gore@intel.com
To: intel-gfx@lists.freedesktop.org
Date: Fri, 25 Apr 2014 15:58:39 +0100
Message-Id: <1398437920-17394-3-git-send-email-tim.gore@intel.com>
In-Reply-To: <1398437920-17394-1-git-send-email-tim.gore@intel.com>
References: <1398437920-17394-1-git-send-email-tim.gore@intel.com>
Subject: [Intel-gfx] [PATCH 2/3] libdrm: fix more potential security issues
Precedence: list
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: intel-gfx-bounces@lists.freedesktop.org
Sender: "Intel-gfx" <intel-gfx-bounces@lists.freedesktop.org>

Commit Message

tim.gore@intel.com April 25, 2014, 2:58 p.m. UTC

From: Tim Gore <tim.gore@intel.com>

A static analysis of libdrm source code has identified several
potential bugs. This commit addresses the critical issues in
xf86drmHash.c, which are all potential null pointer dereferences.
NOTE: I have kept to the indenting style already used in this file,
which is a mixture of spaces and tabs.

Signed-off-by: Tim Gore <tim.gore@intel.com>
---
 xf86drmHash.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/xf86drmHash.c b/xf86drmHash.c
index 82cbc2a..7e6ba44 100644
--- a/xf86drmHash.c
+++ b/xf86drmHash.c
@@ -91,6 +91,7 @@ 
 #define HASH_RANDOM_INIT(seed)  srandom(seed)
 #define HASH_RANDOM             random()
 #define HASH_RANDOM_DESTROY
+#define HASH_RANDOM_OK          (1)
 #else
 #define HASH_ALLOC drmMalloc
 #define HASH_FREE  drmFree
@@ -98,6 +99,7 @@ 
 #define HASH_RANDOM_INIT(seed)  state = drmRandomCreate(seed)
 #define HASH_RANDOM             drmRandom(state)
 #define HASH_RANDOM_DESTROY     drmRandomDestroy(state)
+#define HASH_RANDOM_OK          (state != NULL)
 
 #endif
 
@@ -137,8 +139,14 @@  static unsigned long HashHash(unsigned long key)
     if (!init) {
 	HASH_RANDOM_DECL;
 	HASH_RANDOM_INIT(37);
-	for (i = 0; i < 256; i++) scatter[i] = HASH_RANDOM;
-	HASH_RANDOM_DESTROY;
+	if (HASH_RANDOM_OK) {
+	    for (i = 0; i < 256; i++) scatter[i] = HASH_RANDOM;
+	    HASH_RANDOM_DESTROY;
+	} else {
+	    /* if we failed to allocate our random number state, fall back on random() */
+	    srandom(37);
+	    for (i = 0; i < 256; i++) scatter[i] = random();
+	}
 	++init;
     }

[2/3] libdrm: fix more potential security issues

Commit Message

Patch