From: Bhagya Tholpady (bbantwal) Date: Thu, 8 Oct 2020 18:54:13 +0000 (+0000) Subject: Merge pull request #2503 in SNORT/snort3 from ~OKHOMIAK/snort3:ipv4_codec_seed_fix... X-Git-Tag: 3.0.3-3~31 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=636f5b61b3e56b601c5ced78bcc46357bd9dccf3;p=thirdparty%2Fsnort3.git Merge pull request #2503 in SNORT/snort3 from ~OKHOMIAK/snort3:ipv4_codec_seed_fix to master Squashed commit of the following: commit e78a4bc6b5663229ec919a626ad8c942c0d3734e Author: Oleksii Khomiakovskyi Date: Mon Sep 28 11:54:51 2020 +0300 utils: add a generic function to get random seeds If std::random_device fails with an exception, the system clock is used as an alternative source.
---
diff --git a/src/codecs/ip/cd_ipv4.cc b/src/codecs/ip/cd_ipv4.cc
index 41cb84662..3d63e9ac4 100644
--- a/src/codecs/ip/cd_ipv4.cc
+++ b/src/codecs/ip/cd_ipv4.cc
@@ -38,6 +38,7 @@
 #include "protocols/ipv4_options.h"
 #include "protocols/tcp.h"
 #include "sfip/sf_ipvar.h"
+#include "utils/util.h"
 #include "checksum.h"
@@ -742,13 +743,7 @@ static void ipv4_codec_gterm()
 static void ipv4_codec_tinit()
 {
- std::random_device rd; // for a good seed
- auto id = rd();
-
- if (SnortConfig::static_hash())
- id = 1;
-
- thread_rand = new std::mt19937(id);
+ thread_rand = new std::mt19937(SnortConfig::static_hash() ? 1 : get_random_seed());
 }
 static void ipv4_codec_tterm()
diff --git a/src/stream/flush_bucket.cc b/src/stream/flush_bucket.cc
index c1d4195f5..bb8d84271 100644
--- a/src/stream/flush_bucket.cc
+++ b/src/stream/flush_bucket.cc
@@ -27,6 +27,7 @@
 #include
 #include "main/snort_config.h"
+#include "utils/util.h"
 using namespace snort;
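Review bot: The one-line ternary in ipv4_codec_tinit() (cd_ipv4.cc) leaves the fixed seed `1` under `SnortConfig::static_hash()` as an unexplained magic number, now that the removed `// for a good seed` comment is gone. A comment above the assignment would help, for example `// static_hash() pins the seed so runs are repeatable; otherwise seed from get_random_seed()`; the repeatability intent is inferred from the option name, so confirm it. Either branch seeds a non-cryptographic `std::mt19937` from a single `unsigned int`, so the values drawn from `thread_rand` elsewhere in the file should not be treated as unpredictable to a remote party.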
@@ -114,8 +115,7 @@ StaticFlushBucket::StaticFlushBucket()
 RandomFlushBucket::RandomFlushBucket()
 {
- std::random_device random_dev;
- std::default_random_engine generator(random_dev());
+ std::default_random_engine generator(get_random_seed());
 std::uniform_int_distribution distribution(128, 255);
 for ( int i = 0; i < NUM_FLUSH_POINTS; i++ )
diff --git a/src/utils/util.cc b/src/utils/util.cc
index 2c4208038..e6c02ac0f 100644
--- a/src/utils/util.cc
+++ b/src/utils/util.cc
@@ -53,7 +53,9 @@ extern "C" {
 #include
 }
+#include
 #include
+#include
 #include "log/messages.h"
 #include "main/build.h"
@@ -459,6 +461,19 @@ bool EnterChroot(std::string& root_dir, std::string& log_dir)
 return true;
 }
+unsigned int get_random_seed()
+{
+ unsigned int seed;
+
+ try {
+ seed = std::random_device{}();
+ } catch ( const std::exception& ) {
+ seed = std::chrono::system_clock::now().time_since_epoch().count();
+ }
+
+ return seed;
+}
+
 #if defined(NOCOREFILE)
 void SetNoCores()
 {
diff --git a/src/utils/util.h b/src/utils/util.h
index ab439d91d..6489ea1b4 100644
--- a/src/utils/util.h
+++ b/src/utils/util.h
@@ -54,6 +54,7 @@ bool SetUidGid(int, int);
 void InitGroups(int, int);
 bool EnterChroot(std::string& root_dir, std::string& log_dir);
 void InitProtoNames();
+unsigned int get_random_seed();
 #if defined(NOCOREFILE)
 void SetNoCores();
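Review bot: The catch branch of get_random_seed() in util.cc silently swaps entropy for the wall clock, which is a guessable value and can hand nearly identical seeds to several threads that hit the fallback at about the same time. The clock's `count()` is also narrowed implicitly into `unsigned int`; make the truncation explicit with `seed = static_cast<unsigned int>(std::chrono::system_clock::now().time_since_epoch().count());` and log the fallback once so operators can tell when seeds are weak. The same weakness reaches both callers changed in this commit, ipv4_codec_tinit() in cd_ipv4.cc and RandomFlushBucket::RandomFlushBucket() in flush_bucket.cc. A comment on the declaration in util.h, such as `// seed for non-cryptographic PRNGs only; may fall back to the system clock`, would discourage reuse for security-sensitive values.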