Page MenuHomePhabricator
Files F12515566

Scribunto-SECURITY-Reduce-precision-on-os.clock-to-mitigate-ti.patch
Anomie
Actions

Authored By
Anomie
Jan 12 2018, 6:41 PM
Size
943 B
Referenced Files
None
Subscribers
None

Scribunto-SECURITY-Reduce-precision-on-os.clock-to-mitigate-ti.patch
View Options

From e2800f28430c8ff65ef2345c0e8200af762138fd Mon Sep 17 00:00:00 2001
From: Brad Jorsch <bjorsch@wikimedia.org>
Date: Fri, 12 Jan 2018 13:35:01 -0500
Subject: [PATCH] SECURITY: Reduce precision on os.clock() to mitigate timing
attacks
Bug: T184156
Change-Id: I2b5cc177bded1a9b5600d77116e67817841204be
---
engines/LuaCommon/lualib/mwInit.lua | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/engines/LuaCommon/lualib/mwInit.lua b/engines/LuaCommon/lualib/mwInit.lua
index d3113bb..c1667ef 100644
--- a/engines/LuaCommon/lualib/mwInit.lua
+++ b/engines/LuaCommon/lualib/mwInit.lua
@@ -26,6 +26,15 @@ do
end
end
+-- Reduce precision on os.clock to mitigate timing attacks
+do
+ local old_clock = os.clock
+ os.clock = function ()
+ local v = old_clock()
+ return math.floor( v * 50000 + 0.5 ) / 50000
+ end
+end
+
--- Do a "deep copy" of a table or other value.
function mw.clone( val )
local tableRefs = {}
--
2.15.1

File Metadata

Mime Type
text/x-diff
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
5394105
Default Alt Text
Scribunto-SECURITY-Reduce-precision-on-os.clock-to-mitigate-ti.patch (943 B)

Event Timeline

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits