master

分支 (14)

标签 (14)

管理

管理

master

openEuler-22.03-LTS-Next

openEuler-22.03-LTS

openEuler-20.03-LTS-SP3

openEuler-20.03-LTS-SP1

openEuler-22.09

openEuler-20.03-LTS-Next

openEuler-20.03-LTS-SP2

openEuler-21.09

openEuler-21.03

openEuler-20.09

openEuler-20.03-LTS

openEuler1.0

openEuler1.0-base

openEuler-22.09-release

openEuler-22.09-rc5

openEuler-22.09-20220829

openEuler-22.03-LTS-20220331

openEuler-22.03-LTS-round5

openEuler-22.03-LTS-round3

openEuler-22.03-LTS-round2

openEuler-22.03-LTS-round1

openEuler-20.03-LTS-SP3-release

openEuler-20.03-LTS-SP2-20210624

openEuler-21.03-20210330

openEuler-20.09-20200928

openEuler-20.03-LTS-20200606

openEuler-20.03-LTS-tag

libxslt
/
CVE-2015-9019.patch

diff --git a/libexslt/math.c b/libexslt/math.c
index 17138b2..c9f9e5a 100644
--- a/libexslt/math.c
+++ b/libexslt/math.c
@@ -11,6 +11,13 @@

 #include <math.h>
 #include <stdlib.h>
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#include <fcntl.h>
+#ifdef HAVE_TIME_H
+#include <time.h>
+#endif

 #include "exslt.h"

@@ -460,6 +467,20 @@ static double
 exsltMathRandom (void) {
     double ret;
     int num;
+    long seed;
+    static int randinit = 0;
+
+    if (!randinit) {
+	int fd = open("/dev/urandom",O_RDONLY);
+
+	seed = time(NULL); /* just in case /dev/urandom is not there */
+	if (fd == -1) {
+		read (fd, &seed, sizeof(seed));
+		close (fd);
+	}
+	srand(seed);
+	randinit = 1;
+    }

     num = rand();
     ret = (double)num / (double)RAND_MAX;
--
2.27.0