Last Comment Bug 356595 - On Windows, RNG_SystemInfoForRNG calls GetCurrentProcess, which returns the constant (HANDLE)-1.
: On Windows, RNG_SystemInfoForRNG calls GetCurrentProcess, which returns the c...
Status: RESOLVED FIXED
:
Product: NSS
Classification: Components
Component: Libraries (show other bugs)
: 3.11.3
: x86 Windows XP
: -- normal (vote)
: 3.12
Assigned To: Wan-Teh Chang
:
Mentors:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2006-10-13 11:29 PDT by Wan-Teh Chang
Modified: 2006-10-17 14:14 PDT (History)
3 users (show)
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---


Attachments
Proposed patch (1.76 KB, patch)
2006-10-13 11:36 PDT, Wan-Teh Chang
glenbeasley: review+
neil.williams: superreview+
Details | Diff | Splinter Review
Patch as checked in (1020 bytes, patch)
2006-10-17 10:59 PDT, Wan-Teh Chang
no flags Details | Diff | Splinter Review

Description Wan-Teh Chang 2006-10-13 11:29:45 PDT
On Windows, RNG_SystemInfoForRNG calls GetCurrentProcess to
get the current process's handle.  But this handle is a
pseudo handle and is a special constant, currently 0xffffffff,
or (HANDLE)-1.  There is no time-varying or machine-varying
bit in that value.
Comment 1 Wan-Teh Chang 2006-10-13 11:36:59 PDT
Created attachment 242213 [details] [diff] [review]
Proposed patch

It is possible to call DuplicateHandle on the pseudo process handle
to get the real process handle, but I am going to do a quick fix today.
I'm going to replace the GetCurrentProcess call with a GetCurrentThreadId
call.
Comment 2 Nelson Bolyard (seldom reads bugmail) 2006-10-13 12:17:54 PDT
What "fix"?
It never hurts to input constant data into a PRNG.  
It doesn't lessen the PRNG's entropy any.
This can't be high priority.
Comment 3 Wan-Teh Chang 2006-10-13 14:57:49 PDT
The GetCurrentProcess call is useless and it's easy to
replace it with a GetCurrentThreadId call, which returns
a time-varying (system global) thread id.  I can keep the
GetCurrentProcess call with a comment noting that it returns
a constant.  If you don't want me to add the GetCurrentThreadId
call on the NSS_3_11_BRANCH, I'll only add it to the NSS trunk.
Comment 4 Wan-Teh Chang 2006-10-17 10:59:44 PDT
Created attachment 242525 [details] [diff] [review]
Patch as checked in

I did not remove the GetCurrentProcess call.  I just
noted in the comment that it returns a constant pseudo
handle.

I only checked in the patch on the NSS trunk (NSS 3.12).

Checking in win_rand.c;
/cvsroot/mozilla/security/nss/lib/freebl/win_rand.c,v  <--  win_rand.c
new revision: 1.12; previous revision: 1.11
done
Comment 5 Wan-Teh Chang 2006-10-17 14:14:37 PDT
GetCurrentProcess returns 0xffffffff, or (HANDLE) -1.
GetCurrentThread returns 0xfffffffe.  Both are pseudo
handles.

Note You need to log in before you can comment on or make changes to this bug.