luasandbox-SECURITY-Reduce-precision-on-os.clock-to-mitigate-ti.patch
Anomie
Actions

Authored By

	Anomie
	Jan 12 2018, 6:42 PM

Size

1 KB

Referenced Files

None

Subscribers

None

luasandbox-SECURITY-Reduce-precision-on-os.clock-to-mitigate-ti.patch
View Options

	From 9bf47f75e221584c9dbfaf36b9df3fead497dbd0 Mon Sep 17 00:00:00 2001
	From: Brad Jorsch <bjorsch@wikimedia.org>
	Date: Fri, 12 Jan 2018 13:27:45 -0500
	Subject: [PATCH] SECURITY: Reduce precision on os.clock() to mitigate timing
	attacks

	Bug: T184156
	Change-Id: I3defbb9aefd018d9cfe4a1389ec57afcc417825a
	---
	library.c \| 12 ++++++++++--
	1 file changed, 10 insertions(+), 2 deletions(-)

	diff --git a/library.c b/library.c
	index 32b807e..76168af 100644
	--- a/library.c
	+++ b/library.c
	@@ -11,6 +11,7 @@
	#include <lua.h>
	#include <lauxlib.h>
	#include <lualib.h>
	+#include <math.h>

	#include "php.h"
	#include "php_luasandbox.h"
	@@ -450,14 +451,21 @@ static int luasandbox_base_xpcall (lua_State *L)
	*/
	static int luasandbox_os_clock(lua_State * L)
	{
	+ double clock;
	+
	#ifdef LUASANDBOX_NO_CLOCK
	- lua_pushnumber(L, ((lua_Number)clock())/(lua_Number)CLOCKS_PER_SEC);
	+ clock = ((double)clock())/(double)CLOCKS_PER_SEC;
	#else
	struct timespec ts;
	php_luasandbox_obj * sandbox = luasandbox_get_php_obj(L);
	luasandbox_timer_get_usage(&sandbox->timer, &ts);
	- lua_pushnumber(L, ts.tv_sec + 1e-9 * ts.tv_nsec);
	+ clock = ts.tv_sec + 1e-9 * ts.tv_nsec;
	#endif
	+
	+ // Reduce precision to 20μs to mitigate timing attacks
	+ clock = round(clock * 50000) / 50000;
	+
	+ lua_pushnumber(L, (lua_Number)clock);
	return 1;
	}

	--
	2.15.1

Mime Type: text/x-diff
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 5394107
Default Alt Text: luasandbox-SECURITY-Reduce-precision-on-os.clock-to-mitigate-ti.patch (1 KB)