[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [tor-browser] 77/311: Bug 1751177 - Give sandbox permissions for BCryptGenRandom on Win7. r=tkikuchi, a=RyanVM



This is an automated email from the git hooks/post-receive script.

pierov pushed a commit to branch geckoview-99.0.1-11.0-1
in repository tor-browser.

commit 6167f9034bab0d2d9d22e70d0b7791a0123116e6
Author: Alexandre Lissy <lissyx+mozillians@xxxxxxxxxxxxxxxxx>
AuthorDate: Mon Jan 31 20:46:48 2022 +0000

    Bug 1751177 - Give sandbox permissions for BCryptGenRandom on Win7. r=tkikuchi, a=RyanVM
---
 toolkit/xre/nsEmbedFunctions.cpp | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/toolkit/xre/nsEmbedFunctions.cpp b/toolkit/xre/nsEmbedFunctions.cpp
index b294a153911a3..dd19c867df1ad 100644
--- a/toolkit/xre/nsEmbedFunctions.cpp
+++ b/toolkit/xre/nsEmbedFunctions.cpp
@@ -593,10 +593,18 @@ nsresult XRE_InitChildProcess(int aArgc, char* aArgv[],
     SandboxBroker::GeckoDependentInitialize();
   }
 
-  // Call RandomUint64 to pre-load bcryptPrimitives.dll while the current
-  // thread still has an unrestricted impersonation token.
-  RandomUint64OrDie();
-#endif
+  // Call BCryptGenRandom() to pre-load bcryptPrimitives.dll while the current
+  // thread still has an unrestricted impersonation token. We need to perform
+  // that operation to warmup the BCryptGenRandom() call that is used by
+  // others, especially rust.  See bug 1746524, bug 1751094, bug 1751177
+  UCHAR buffer[32];
+  NTSTATUS status = BCryptGenRandom(NULL,            // hAlgorithm
+                                    buffer,          // pbBuffer
+                                    sizeof(buffer),  // cbBuffer
+                                    BCRYPT_USE_SYSTEM_PREFERRED_RNG  // dwFlags
+  );
+  MOZ_RELEASE_ASSERT(status == STATUS_SUCCESS);
+#endif  // defined(MOZ_SANDBOX) && defined(XP_WIN)
 
   {
     // This is a lexical scope for the MessageLoop below.  We want it

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.
_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits