From: Eric Leblond <eric@regit.org>
Date: Wed, 23 May 2018 06:57:13 +0000 (+0200)
Subject: util-random: workaround getrandom unavailability
X-Git-Tag: suricata-4.0.5~15
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=60fc0f9433caa79c809a35c1f8f5ab9967c7b836;p=thirdparty%2Fsuricata.git

util-random: workaround getrandom unavailability

getrandom syscall availability is detected at runtime. So it is
possible that the build is done on a box that supports it but
the run is done on a system with no availability. So a workaround
solution is needed to fix this case.

Also we have seen some issue in docker environment where the build
is detecting getrandom but where it does not work at runtime.

For both reasons, the code is updated to have a call to a fallback
function if ever the getrandom call returns that the syscall is
not available.
---

diff --git a/src/util-random.c b/src/util-random.c
index 1abc036d33..5a709dc66c 100644
--- a/src/util-random.c
+++ b/src/util-random.c
@@ -27,6 +27,33 @@
 #include "suricata-common.h"
 #include "util-random.h"
 
+#if defined(HAVE_CLOCK_GETTIME)
+
+static long int RandomGetClock(void)
+{
+    struct timespec ts;
+    clock_gettime(CLOCK_REALTIME, &ts);
+
+    srandom(ts.tv_nsec ^ ts.tv_sec);
+    long int value = random();
+    return value;
+}
+
+#elif !(defined(HAVE_WINCRYPT_H) &&  defined(OS_WIN32))
+
+static long int RandomGetPosix(void)
+{
+    struct timeval tv;
+    memset(&tv, 0, sizeof(tv));
+    gettimeofday(&tv, NULL);
+
+    srandom(tv.tv_usec ^ tv.tv_sec);
+    long int value = random();
+    return value;
+}
+
+#endif
+
 #if defined(HAVE_WINCRYPT_H) && defined(OS_WIN32)
 #include <wincrypt.h>
 
@@ -62,6 +89,13 @@ long int RandomGet(void)
     /* ret should be sizeof(value), but if it is > 0 and < sizeof(value)
      * it's still better than nothing so we return what we have */
     if (ret <= 0) {
+        if (ret == -ENOSYS) {
+#if defined(HAVE_CLOCK_GETTIME)
+            return RandomGetClock();
+#else
+            return RandomGetPosix();
+#endif
+        }
         return -1;
     }
     return value;
@@ -72,12 +106,7 @@ long int RandomGet(void)
     if (g_disable_randomness)
         return 0;
 
-    struct timespec ts;
-    clock_gettime(CLOCK_REALTIME, &ts);
-
-    srandom(ts.tv_nsec ^ ts.tv_sec);
-    long int value = random();
-    return value;
+    return RandomGetClock();
 }
 #else
 long int RandomGet(void)
@@ -85,12 +114,6 @@ long int RandomGet(void)
     if (g_disable_randomness)
         return 0;
 
-    struct timeval tv;
-    memset(&tv, 0, sizeof(tv));
-    gettimeofday(&tv, NULL);
-
-    srandom(tv.tv_usec ^ tv.tv_sec);
-    long int value = random();
-    return value;
+    return RandomGetPosix();
 }
 #endif