expat 2.1.0 breaks jabberd2

2012-06-15 Thread Christof Meerwald
Hi,

just upgraded my server from Ubuntu 10.04 to 12.04 and noticed that
jabberd2 stopped working.

I finally tracked it down to the expat library which now contains a
fix for CVE-2012-0876. This fix tries to add some randomisation to
expat's own hash tables, but by doing so fiddles with srand and
thereby makes the random ids generated by jabberd2 much less random.

One way around this is by using the new function XML_SetHashSalt just
after creating an XML parser...


Christof

-- 

http://cmeerw.org  sip:cmeerw at cmeerw.org
mailto:cmeerw at cmeerw.org   xmpp:cmeerw at cmeerw.org

Re: expat 2.1.0 breaks jabberd2

2012-06-15 Thread Eugene Agafonov

Hi!

Does jabberd2 work after it is re-compiled on 12.04?

Anyway, I suspect you blame the following expat's function:

#include <limits.h>   /* UINT_MAX */
#include <stdlib.h>   /* srand, rand */
#include <time.h>     /* time */

/* expat 2.1.0: called once per parser instance to pick the hash salt.
 * Note the side effect: it reseeds the process-wide rand() state from
 * the current second, which any other rand() user in the process shares. */
static unsigned long
generate_hash_secret_salt(void)
{
  unsigned int seed = time(NULL) % UINT_MAX;
  srand(seed);
  return rand();
}

It is called once (per parser instance) with a quite random value based on
current time.
That's the most commonly recommended way to initialize a pseudo-random generator
as far as I remember,

so it looks safe to me.


BR, Eugene Agafonov.

On 06/15/2012 02:51 PM, Christof Meerwald wrote:

Hi,

just upgraded my server from Ubuntu 10.04 to 12.04 and noticed that
jabberd2 stopped working.

I finally tracked it down to the expat library which now contains a
fix for CVE-2012-0876. This fix tries to add some randomisation to
expat's own hash tables, but by doing so fiddles with srand and
thereby makes the random ids generated by jabberd2 much less random.

One way around this is by using the new function XML_SetHashSalt just
after creating an XML parser...


Christof

Re: expat 2.1.0 breaks jabberd2

2012-06-15 Thread Eugene Agafonov

Hi!
Find comments embedded.


On 06/15/2012 05:08 PM, Christof Meerwald wrote:

On Fri, Jun 15, 2012 at 04:25:31PM +0400, Eugene Agafonov wrote:

Does jabberd2 work after it is re-compiled on 12.04?

No.

That's strange... It works perfectly on Debian Testing with libexpat1_2.1.0-1.
Any details? Debug logs?

Anyway, I suspect you blame the following expat's function:

static unsigned long
generate_hash_secret_salt(void)
{
   unsigned int seed = time(NULL) % UINT_MAX;
   srand(seed);
   return rand();
}

It is called once (per parser instance) with a quite random value
based on current time.
That's the most commonly recommended way to initialize a pseudo-random
generator as far as I remember,
so it looks safe to me.

No, the problem is that jabberd2 creates a new parser for each
connection and needs a random id for each connection. Now if there are
2 connections within a second, the random number generator gets
reseeded with the same initial value and you get the same random id
for both connections.

Thanks for details! I guess the patch is really needed ;-)
Stay tuned: it will come out soon.

BR, Eugene Agafonov
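The failure Christof describes above, reduced to a stand-alone C program. This is an added illustration, not code from jabberd2 or expat: `expat_style_salt` re-implements the reseeding side effect of expat's `generate_hash_secret_salt` for a caller-supplied timestamp, `connection_id_shared_rand` stands in for an application drawing per-connection ids from the shared `rand()`, and `app_rng` is an invented application-owned generator state that `srand()` cannot disturb. The thread's actual workaround, calling `XML_SetHashSalt` with a non-zero salt right after `XML_ParserCreate` so that expat never seeds `rand()` itself, needs libexpat and is therefore only described in the comments.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <time.h>

/* Mirrors what expat 2.1.0 does once per parser instance: it reseeds the
 * process-wide rand() state from the current second. Re-implementation for
 * illustration only, with the time passed in so the effect is reproducible. */
static unsigned long expat_style_salt(time_t now)
{
    unsigned int seed = (unsigned int)(now % UINT_MAX);
    srand(seed);
    return (unsigned long)rand();
}

/* How an application like jabberd2 drew a per-connection id before the expat
 * change broke the assumption that nobody else touches the rand() seed. */
static int connection_id_shared_rand(void)
{
    return rand();
}

/* Two connections accepted within the same second: each creates a parser,
 * each parser reseeds rand() with the same value, so both ids coincide. */
static int ids_collide_when_reseeded(time_t same_second)
{
    expat_style_salt(same_second);
    int id_a = connection_id_shared_rand();
    expat_style_salt(same_second);
    int id_b = connection_id_shared_rand();
    return id_a == id_b;
}

/* Mitigation: keep generator state the library cannot reach. With real expat
 * the equivalent is XML_SetHashSalt(parser, nonzero_salt) right after
 * XML_ParserCreate(), which makes expat skip its own srand() call.
 * xorshift64* is a stand-in here; real session ids should come from a CSPRNG
 * such as /dev/urandom. */
struct app_rng { uint64_t s; };

static uint64_t app_rng_next(struct app_rng *r)
{
    uint64_t x = r->s;
    x ^= x >> 12;
    x ^= x << 25;
    x ^= x >> 27;
    r->s = x;
    return x * 2685821657736338717ULL;
}

static int ids_differ_with_own_state(time_t same_second)
{
    struct app_rng rng = { 0x9E3779B97F4A7C15ULL }; /* constructed seed */
    expat_style_salt(same_second);
    uint64_t id_a = app_rng_next(&rng);
    expat_style_salt(same_second);   /* reseeds rand(), not our state */
    uint64_t id_b = app_rng_next(&rng);
    return id_a != id_b;
}

int main(void)
{
    time_t now = time(NULL);
    printf("shared rand() ids collide: %d\n", ids_collide_when_reseeded(now));
    printf("own-state ids differ:      %d\n", ids_differ_with_own_state(now));
    return 0;
}
```

The collision does not depend on the clock value: `srand(seed)` followed by `rand()` is deterministic for a given seed, so any two parsers created in the same second hand every later `rand()` caller the same sequence. Seeding once at startup does not help either, because the library reseeds again on every parser creation; the state the application relies on must be one the library never touches.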

Re: expat 2.1.0 breaks jabberd2

2012-06-15 Thread Eugene Agafonov

D'oh!  I got it :-)
Stay tuned for patch.

On 06/15/2012 05:14 PM, Eugene Agafonov wrote:
That's strange... It works perfectly on Debian Testing with libexpat1_2.1.0-1.

Any details? Debug logs?

Re: expat 2.1.0 breaks jabberd2

2012-06-15 Thread Eugene Agafonov
Patch is out
https://github.com/Jabberd2/jabberd2/pull/5


On Fri, Jun 15, 2012 at 5:21 PM, Eugene Agafonov e.a.agafo...@gmail.com wrote:

 D'oh!  I got it :-)
 Stay tuned for patch.


 On 06/15/2012 05:14 PM, Eugene Agafonov wrote:

 That's strange... It works perfectly on Debian Testing with libexpat1_2.1.0-1.
 Any details? Debug logs?

Re: expat 2.1.0 breaks jabberd2

2012-06-15 Thread Tomasz Sterna
On 2012-06-15, Fri at 22:44 +0400, Eugene Agafonov wrote:
 Patch is out https://github.com/Jabberd2/jabberd2/pull/5 

Ahhh... Pesky expat...
Merged.

Thank you. :-)


-- 
Tomasz Sterna
Instant Messaging Consultant : Open Source Developer
http://tomasz.sterna.tv/  http://www.xiaoka.com/portfolio