Closed
Bug 327161
Opened 19 years ago
Closed 18 years ago
nsUUIDGenerator subject to reseeding woes
Categories
(Core :: XPCOM, defect)
Core
XPCOM
Tracking
()
RESOLVED
FIXED
People
(Reporter: bzbarsky, Assigned: vlad)
References
Details
(Keywords: fixed1.8.1)
Attachments
(3 files, 1 obsolete file)
2.09 KB,
patch
|
bzbarsky
:
review+
bzbarsky
:
superreview+
|
Details | Diff | Splinter Review |
3.31 KB,
patch
|
bzbarsky
:
review+
bzbarsky
:
superreview+
|
Details | Diff | Splinter Review |
3.07 KB,
patch
|
beltzner
:
approval1.8.1+
|
Details | Diff | Splinter Review |
nsUUIDGenerator uses random(), which it seeds once (at init time). Unfortunately, there are lots of other uses of rand/srand (and a few of random/srandom), and I wouldn't rely on people not seeding with the same thing over and over. Which would be bad, since it would cause duplicate IIDs.
Perhaps we should reseed for each get of a uuid? Possibly using the last returned thing as the seed or something?
I'd really like this for bug 326506.
Assignee | ||
Comment 1•19 years ago
|
||
Reseeding sounds fine to me; it would be even better if we had a prng with local state we could use.. not sure if NSS provides anything that could help.
Reporter | ||
Comment 2•19 years ago
|
||
Kai, do you know what NSS/PSM provide for us here?
Comment 3•19 years ago
|
||
isn't uuidgenerator in XPCOM?
Comment 4•19 years ago
|
||
Since this implementation lives in XPCOM, NSS cannot provide anything directly (other than source code).
Reporter | ||
Comment 5•19 years ago
|
||
Ugh. And NSPR certainly doesn't provide anything... yet.
Comment 6•19 years ago
|
||
XPCOM could poke an API that it defines that PSM implements.
Reporter | ||
Comment 7•19 years ago
|
||
We're using this for security stuff on trunk now, so we really need to get this done before we ship Gecko 1.9.
Flags: blocking1.9a1+
Assignee: dougt → vladimir
Flags: blocking1.9+
Reporter | ||
Comment 8•18 years ago
|
||
It looks like bug 279521 landed on branch, so we need to get this fixed there too, imo...
Blocks: 279521
Flags: blocking1.8.1?
Updated•18 years ago
|
Flags: blocking1.8.1? → blocking1.8.1+
Assignee | ||
Comment 9•18 years ago
|
||
Save/restore the RNG state we initialize with initstate around each call. (Tested this with explicitly putting a srandom(5) before the setstate call in generateUUID, seems to work.)
Attachment #233595 -
Flags: review?(bzbarsky)
Reporter | ||
Comment 10•18 years ago
|
||
Comment on attachment 233595 [details] [diff] [review]
always restore our own private RNG state
Looks good! Thanks!
Attachment #233595 -
Flags: superreview+
Attachment #233595 -
Flags: review?(bzbarsky)
Attachment #233595 -
Flags: review+
Assignee | ||
Comment 11•18 years ago
|
||
Comment on attachment 233595 [details] [diff] [review]
always restore our own private RNG state
Requesting a1.8.1; simple patch, avoids reseeding issues with uuid generator.
Attachment #233595 -
Flags: approval1.8.1?
Assignee | ||
Comment 12•18 years ago
|
||
Checking in nsUUIDGenerator.cpp;
/cvsroot/mozilla/xpcom/base/nsUUIDGenerator.cpp,v <-- nsUUIDGenerator.cpp
new revision: 1.7; previous revision: 1.6
done
Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → FIXED
Assignee | ||
Comment 13•18 years ago
|
||
Attempt to fix btek; I think this should initialize the internal state buffer so that initstate() doesn't return NULL (and so that setstate doesn't crash when we pass in NULL).
Attachment #233648 -
Flags: review?(bzbarsky)
Reporter | ||
Comment 14•18 years ago
|
||
Comment on attachment 233648 [details] [diff] [review]
attempt to fix btek
Let's give it a shot!
Attachment #233648 -
Flags: superreview+
Attachment #233648 -
Flags: review?(bzbarsky)
Attachment #233648 -
Flags: review+
Updated•18 years ago
|
Whiteboard: [baking until 08/15]
Assignee | ||
Comment 15•18 years ago
|
||
Note that this caused btek orange due to old glibc, but I'm trying to figure out whether it's a btek problem or if newer glibc is just masking another problem.
Assignee | ||
Comment 16•18 years ago
|
||
Real fix for btek, tested live on btek already. Apparently btek's glibc has a bug in the return value from setstate().. it seems to return bogus values.
Attachment #233648 -
Attachment is obsolete: true
Attachment #233700 -
Flags: review?(bzbarsky)
Reporter | ||
Updated•18 years ago
|
Attachment #233700 -
Flags: superreview+
Attachment #233700 -
Flags: review?(bzbarsky)
Attachment #233700 -
Flags: review+
Assignee | ||
Comment 17•18 years ago
|
||
Branch patch with combination of above stuff, ready for checkin once approved tomorrow
Attachment #233701 -
Flags: approval1.8.1?
Assignee | ||
Updated•18 years ago
|
Attachment #233595 -
Flags: approval1.8.1?
Comment 18•18 years ago
|
||
Comment on attachment 233701 [details] [diff] [review]
branch patch, with above goop combined
a=beltzner on behalf of drivers for the mozilla_1_8_branch
Attachment #233701 -
Flags: approval1.8.1? → approval1.8.1+
Assignee | ||
Comment 19•18 years ago
|
||
Checked in on 1.8.1.
Keywords: fixed1.8.1
Whiteboard: [baking until 08/15]
Comment 20•18 years ago
|
||
I think it is not so good idea to allow exit nsUUIDGenerator::Init()
with mSavedState uninitialized:
http://lxr.mozilla.org/seamonkey/source/xpcom/base/nsUUIDGenerator.cpp#88
even if we return NS_ERROR_FAILURE.
See
https://bugzilla.mozilla.org/show_bug.cgi?id=349526#c40
You need to log in
before you can comment on or make changes to this bug.
Description
•