Make EXPAT_ENTROPY_DEBUG=1 print entropy source and bytes

2025-04-13 00:02:54 +00:00 · 2017-05-31 12:40:28 +02:00 · 2017-05-31 12:40:28 +02:00 · 9e02465f09
commit 9e02465f09
parent ad8521ca84
2 changed files with 21 additions and 5 deletions
--- a/expat/Changes
+++ b/expat/Changes
@ -9,6 +9,7 @@ Release ??????????
                  In a way, that's still part of CVE-2016-5300.
                  For packaging, feel free to configure using
                  --(with|without)-libbsd to bypass auto-detection.
+                  For run-time debug output, EXPAT_ENTROPY_DEBUG=1 can be used.

        Bug fixes:
            #539  Fix regression from fix to CVE-2016-0718 cutting off
--- a/expat/lib/xmlparse.c
+++ b/expat/lib/xmlparse.c
@ -6,6 +6,8 @@
 #include <string.h>                     /* memset(), memcpy() */
 #include <assert.h>
 #include <limits.h>                     /* UINT_MAX */
+#include <stdio.h>                      /* fprintf */
+#include <stdlib.h>                     /* getenv */

 #ifdef _WIN32
 #define getpid GetCurrentProcessId
@ -783,6 +785,18 @@ gather_time_entropy(void)
 # include <bsd/stdlib.h>
 #endif

+static unsigned long
+ENTROPY_DEBUG(const char * label, unsigned long entropy) {
+  const char * const EXPAT_ENTROPY_DEBUG = getenv("EXPAT_ENTROPY_DEBUG");
+  if (EXPAT_ENTROPY_DEBUG && ! strcmp(EXPAT_ENTROPY_DEBUG, "1")) {
+    fprintf(stderr, "Entropy: %s --> 0x%0*lx (%lu bytes)\n",
+        label,
+        (int)sizeof(unsigned long) * 2, entropy,
+        sizeof(unsigned long));
+  }
+  return entropy;
+}
+
 static unsigned long
 generate_hash_secret_salt(XML_Parser parser)
 {
@ -791,16 +805,16 @@ generate_hash_secret_salt(XML_Parser parser)
 #if defined(HAVE_ARC4RANDOM_BUF) || defined(__CloudABI__)
  (void)gather_time_entropy;
  arc4random_buf(&entropy, sizeof(entropy));
-  return entropy;
+  return ENTROPY_DEBUG("arc4random_buf", entropy);
 #else
  /* Try high quality providers first .. */
 #ifdef _WIN32
  if (writeRandomBytes_RtlGenRandom((void *)&entropy, sizeof(entropy))) {
-    return entropy;
+    return ENTROPY_DEBUG("RtlGenRandom", entropy);
  }
 #elif defined(HAVE_GETRANDOM)
  if (writeRandomBytes_getrandom((void *)&entropy, sizeof(entropy))) {
-    return entropy;
+    return ENTROPY_DEBUG("getrandom", entropy);
  }
 #endif
  /* .. and self-made low quality for backup: */
@ -810,9 +824,10 @@ generate_hash_secret_salt(XML_Parser parser)

  /* Factors are 2^31-1 and 2^61-1 (Mersenne primes M31 and M61) */
  if (sizeof(unsigned long) == 4) {
-    return entropy * 2147483647;
+    return ENTROPY_DEBUG("fallback(4)", entropy * 2147483647);
  } else {
-    return entropy * (unsigned long)2305843009213693951;
+    return ENTROPY_DEBUG("fallback(8)",
+        entropy * (unsigned long)2305843009213693951);
  }
 #endif
 }