GNOME Bugzilla – Bug 758400
Fixed random values
Last modified: 2021-07-05 11:01:01 UTC
From a bug report via email (Credit go to Fernando Arnaboldi) The affected products are using a random function that returns a fixed value. Random values are a set of values whose elements that have equal probability of occurrence. In this context, this set of elements is numbers between 0 and 1. The problem lies in that the library returns always the same value since it is not using a random initialization vector. Therefore, without distinction on where is executed (python, php, or with xsltproc), the pattern of values will be always the same. I found the following patch (https://mail.gnome.org/archives/commits-list/2013-February/msg06493.html) related to the random functionality of xsltproc. However, I the random function in libxslt should be the one providing by default a random number. Furthermore, it should use by default an initialization vector and not the other way around. Developers may be using a fixed numbers instead of a "random number from 0 to 1” as the documentation states (http://exslt.org/math/functions/random/index.html).
Created attachment 349240 [details] [review] libxslt-random-seed.patch seed randonmness on first call of random it uses /dev/urandom with fallback of time()
Tested the above patch with xsltproc (even without the commit referenced in comment 0) and php-xsl and it works for me.
CVE-2015-9019
If I'm not mistaken, we should read from then close fd if it's different from -1, not equal to.
Hi, this just went over oss-security, I'll repost the comments (+ one more thought I only had after the mail) I posted there here: 1. What's the use of the random number and what's the security impact if it's not random? That's not explained. In case a cryptographically secure random number is required then using rand()/srand() is a bad idea anyway. (Unfortunately there's no secure random in the standard libc, but at least glibc now has getrandom.). 2. This part of the patch looks a bit strange: + seed = time(NULL); /* just in case /dev/urandom is not there */ + if (fd == -1) { + read (fd, &seed, sizeof(seed)); + close (fd); + } You're calling time() unconditionally, although it's kinda just a fallback. Why not + if (fd == -1) { + read (fd, &seed, sizeof(seed)); + close (fd); + } else { + seed = time(NULL); + } ? (obviously using time is not a secure way to do random numbers, if secure numbers are required cross-plattform you need to do this otherwise anyway) 3. calling srand() from a library is considered bad practice. Sometimes applications expect a deterministic behavior of random(). (In other cases calling srand() unexpectedly was considered a security vuln, see CVE-2012-6702 in expat)
In the light of the previous comment, would it not make sense to close this as NOT-A-BUG and, if possible. have CVE-2015-9019 rejected?
GNOME is going to shut down bugzilla.gnome.org in favor of gitlab.gnome.org. As part of that, we are mass-closing older open tickets in bugzilla.gnome.org which have not seen updates for a longer time (resources are unfortunately quite limited so not every ticket can get handled). If you can still reproduce the situation described in this ticket in a recent and supported software version, then please follow https://wiki.gnome.org/GettingInTouch/BugReportingGuidelines and create a new ticket at https://gitlab.gnome.org/GNOME/libxslt/-/issues/ Thank you for your understanding and your help.