Use getentropy() if arc4random_buf() is not available

This allows to fix CVE-2017-2626 on Linux platforms without pulling in libbsd. The libc getentropy() is available since glibc 2.25 but also on OpenBSD. For Linux, we need at least a v3.17 kernel. If the recommended arc4random_buf() function is not available, emulate it by first trying to use getentropy() on a supported glibc and kernel. If the call fails, fall back to the current (partly vulnerable) code. Signed-off-by: Benjamin Tissoires <benjamin.tissoires@gmail.com> Reviewed-by: Mark Kettenis <kettenis@openbsd.org> Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com> Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
author: Benjamin Tissoires <benjamin.tissoires@gmail.com> 2017-04-04 19:12:53 +0200
committer: Peter Hutterer <peter.hutterer@who-t.net> 2017-04-24 11:09:01 +1000
commit: ff5e59f32255913bb1cdf51441b98c9107ae165b (patch)
tree: 313b2611fafd67b91640680e25bb454df4c3f69b /configure.ac
parent: 1746abbb1ae1c41ba29c14895c5bd3f1334faef5 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/configure.ac b/configure.ac
index 458882a..c971ab6 100644
--- a/configure.ac
+++ b/configure.ac
@@ -38,7 +38,7 @@ AC_DEFINE(ICE_t, 1, [Xtrans transport type])
 
 # Checks for library functions.
 AC_CHECK_LIB([bsd], [arc4random_buf])
-AC_CHECK_FUNCS([asprintf arc4random_buf])
+AC_CHECK_FUNCS([asprintf arc4random_buf getentropy])
 
 # Allow checking code with lint, sparse, etc.
 XORG_WITH_LINT
author	Benjamin Tissoires <benjamin.tissoires@gmail.com>	2017-04-04 19:12:53 +0200
committer	Peter Hutterer <peter.hutterer@who-t.net>	2017-04-24 11:09:01 +1000
commit	ff5e59f32255913bb1cdf51441b98c9107ae165b (patch)
tree	313b2611fafd67b91640680e25bb454df4c3f69b /configure.ac
parent	1746abbb1ae1c41ba29c14895c5bd3f1334faef5 (diff)