From: Andrew Bartlett
Date: Tue, 24 Feb 2015 00:43:54 +0000 (+1300)
Subject: lib/talloc: Provide multiple-loading detection for libtalloc via rand()
X-Git-Url: http://git.samba.org/?a=commitdiff_plain;h=4a4664a80e20544097cdd075ca5d1423e6a9b364;p=obnox%2Fsamba%2Fsamba-obnox.git

lib/talloc: Provide multiple-loading detection for libtalloc via rand()

The use of rand() is strongly discouraged, but here it is ideal, as we just want to select a different set of random bytes if we are called again within the same process.

Signed-off-by: Andrew Bartlett
Signed-off-by: Adrian Cochrane
Reviewed-by: Jeremy Allison
---
diff --git a/lib/talloc/talloc.c b/lib/talloc/talloc.c index 37a65225903..b35e1c20620 100644 --- a/lib/talloc/talloc.c +++ b/lib/talloc/talloc.c @@ -320,7 +320,22 @@ void talloc_lib_init(void) */ p = (uint8_t *) getauxval(AT_RANDOM); if (p) { - memcpy(&random_value, p, sizeof(random_value)); + /* + * We get 16 bytes from getauxval. By calling rand(), + * a totally insecure PRNG, but one that will + * deterministically have a different value when called + * twice, we ensure that if two talloc-like libraries + * are somehow loaded in the same address space, that + * because we choose different bytes, we will keep the + * protection against collision of multiple talloc + * libs. + * + * This protection is important because the effects of + * passing a talloc pointer from one to the other may + * be very hard to determine. + */ + int offset = rand() % (16 - sizeof(random_value)); + memcpy(&random_value, p + offset, sizeof(random_value)); } else #endif {
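Review bot: the offset computation `int offset = rand() % (16 - sizeof(random_value));` does not guarantee what the new comment promises. Two successive rand() results can still reduce to the same offset under this small modulus, so two talloc copies in one process can end up copying the same bytes. Either the comment should say a collision becomes less likely rather than that the protection is ensured, or the offset should be derived in a way that cannot repeat. The modulus also never selects the last valid offset (every offset from 0 through 16 - sizeof(random_value) inclusive stays inside the 16 bytes), and the expression becomes a modulo by zero if random_value is ever 16 bytes wide and an unsigned wrap if it is wider. A compile-time assertion on sizeof(random_value) and a named constant in place of the bare 16 would make that assumption explicit. Calling rand() from talloc_lib_init also advances the host program's rand() sequence, which is worth stating in the comment.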