expat 2.1.0 breaks jabberd2
Hi, just upgraded my server from Ubuntu 10.04 to 12.04 and noticed that jabberd2 stopped working. I finally tracked it down to the expat library which now contains a fix for CVE-2012-0876. This fix tries to add some randomisation to expat's own hash tables, but by doing so fiddles with srand and thereby makes the random ids generated by jabberd2 much less random.

One way around this is by using the new function XML_SetHashSalt just after creating an XML parser...

Christof
--
http://cmeerw.org sip:cmeerw at cmeerw.org mailto:cmeerw at cmeerw.org xmpp:cmeerw at cmeerw.org
Re: expat 2.1.0 breaks jabberd2
Hi!

Does jabberd2 work after it is re-compiled with 12.04?

Anyway, I suspect you blame the following expat's function:

    static unsigned long
    generate_hash_secret_salt(void)
    {
        unsigned int seed = time(NULL) % UINT_MAX;
        srand(seed);
        return rand();
    }

It is called once (per parser instance) with quite a random value based on the current time. That's the most recommended way to initialize a pseudo-random generator as far as I remember, so it looks safe to me.

BR,
Eugene Agafonov.

On 06/15/2012 02:51 PM, Christof Meerwald wrote:
> Hi, just upgraded my server from Ubuntu 10.04 to 12.04 and noticed that jabberd2 stopped working. I finally tracked it down to the expat library which now contains a fix for CVE-2012-0876. This fix tries to add some randomisation to expat's own hash tables, but by doing so fiddles with srand and thereby makes the random ids generated by jabberd2 much less random.
>
> One way around this is by using the new function XML_SetHashSalt just after creating an XML parser...
>
> Christof
Re: expat 2.1.0 breaks jabberd2
Hi! Find comments embedded.

On 06/15/2012 05:08 PM, Christof Meerwald wrote:
> On Fri, Jun 15, 2012 at 04:25:31PM +0400, Eugene Agafonov wrote:
>> Does jabberd2 work after it is re-compiled with 12.04?
>
> No.

That's strange.. It works perfectly on Debian Testing with libexpat1_2.1.0-1. Any details? Debug logs?

>> Anyway, I suspect you blame the following expat's function:
>>
>>     static unsigned long
>>     generate_hash_secret_salt(void)
>>     {
>>         unsigned int seed = time(NULL) % UINT_MAX;
>>         srand(seed);
>>         return rand();
>>     }
>>
>> It is called once (per parser instance) with quite a random value based on the current time. That's the most recommended way to initialize a pseudo-random generator as far as I remember, so it looks safe to me.
>
> No, the problem is that jabberd2 creates a new parser for each connection and needs a random id for each connection. Now if there are 2 connections within a second, the random number generator gets reseeded with the same initial value and you get the same random id for both connections.

Thanks for the details! I guess the patch is really needed ;-) Stay tuned: it will come out soon.

BR,
Eugene Agafonov
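The reseeding problem Christof describes above, worked through as an added example (constructed here; it is not code from the thread, from jabberd2 or from expat). A small stand-in for the parser library reuses the quoted generate_hash_secret_salt() body; connection_id_before() models an application that draws a per-connection id from rand() after parser setup, and connection_id_after() models the XML_SetHashSalt approach, where the application supplies its own non-zero salt so the library never calls srand() and the id comes from /dev/urandom instead of rand(). The struct and function names are assumptions, and /dev/urandom is assumed to exist.

```c
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <time.h>
/* Constructed stand-in for a parser object: only the salt field matters here. */
struct parser { unsigned long hash_secret_salt; };
static int reseeds = 0;                    /* times the library called srand() */
int library_reseed_count(void) { return reseeds; }

/* Same body as the expat 2.1.0 function quoted in the thread; its side effect,
 * reseeding the process-wide rand() state from the clock, is the problem. */
static unsigned long library_generate_salt(time_t now) {
    unsigned int seed = now % UINT_MAX;
    srand(seed);
    reseeds++;
    return rand();
}
/* Model of the library's first parse call: a salt is generated only when the
 * application left the field at 0, which is what XML_SetHashSalt lets it avoid. */
static void library_start_parsing(struct parser *p, time_t now) {
    if (p->hash_secret_salt == 0)
        p->hash_secret_salt = library_generate_salt(now);
}
/* Application, before the fix: the per-connection id is the next rand() after
 * parser setup, so two connections in the same second get the same id. */
unsigned long connection_id_before(time_t now) {
    struct parser p = { 0 };
    library_start_parsing(&p, now);
    return (unsigned long)rand();
}
/* Fill buf from the kernel CSPRNG; returns 1 on success, 0 on failure. */
static int read_urandom(void *buf, size_t n) {
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) return 0;
    size_t got = fread(buf, 1, n, f);
    fclose(f);
    return got == n;
}
/* Application, after the fix: it supplies a non-zero salt itself, so the library
 * never calls srand(), and the connection id no longer depends on rand() at all. */
unsigned long connection_id_after(time_t now) {
    unsigned long salt = 0, id = 0;
    if (!read_urandom(&salt, sizeof salt) || !read_urandom(&id, sizeof id)) return 0;
    struct parser p = { salt | 1 };        /* keep the salt non-zero */
    library_start_parsing(&p, now);
    return id;
}
```

Calling connection_id_before() twice with the same second returns the same id both times, while connection_id_after() leaves the library's reseed counter untouched and returns independent ids.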
Re: expat 2.1.0 breaks jabberd2
D'oh! I got it :-) Stay tuned for the patch.

On 06/15/2012 05:14 PM, Eugene Agafonov wrote:
> That's strange.. It works perfectly on Debian Testing with libexpat1_2.1.0-1. Any details? Debug logs?
Re: expat 2.1.0 breaks jabberd2
Patch is out: https://github.com/Jabberd2/jabberd2/pull/5

On Fri, Jun 15, 2012 at 5:21 PM, Eugene Agafonov e.a.agafo...@gmail.com wrote:
> D'oh! I got it :-) Stay tuned for the patch.
>
> On 06/15/2012 05:14 PM, Eugene Agafonov wrote:
>> That's strange.. It works perfectly on Debian Testing with libexpat1_2.1.0-1. Any details? Debug logs?
Re: expat 2.1.0 breaks jabberd2
On 2012-06-15, Fri, at 22:44 +0400, Eugene Agafonov writes:
> Patch is out: https://github.com/Jabberd2/jabberd2/pull/5

Ahhh... Pesky expat... Merged. Thank you. :-)

--
Tomasz Sterna
Instant Messaging Consultant : Open Source Developer
http://tomasz.sterna.tv/ http://www.xiaoka.com/portfolio