libexpat calls rand to obtain a secret hash salt. That’s not good. Actually, as far as vulnerabilities go, it’s pretty chickenshit, but perhaps there’s a lesson to be learned.
2012-03-24 – libexpat 2.1.0 released with a fix for an algorithmic hash table attack (CVE-2012-0876). It uses rand() seeded by srand(time(NULL)) to obtain a hash table salt.
2012-04-01 – libexpat 2.1.0 imported to OpenBSD. The rand calls are replaced with arc4random as spotted by deraadt and nicm. April Fools!
2012-04-05 – A public report that using random may be too predictable.
2013 – Tick tock.
2014 – Tick tock.
2015-02-07 – Red Hat bug filed. The complaint is not that rand is a poor choice for secret salts, but that calling srand interferes with the proper malfunctioning of other rand consumers.
2016-06-04 – libexpat is the proud recipient of two more CVE awards. By sheer miraculous luck, OpenBSD is not susceptible. Users of other operating systems need not be alarmed as libexpat has been patched to use getpid as a source of entropy as well.
const unsigned long entropy = gather_time_entropy() ^ getpid() ^ (unsigned long)parser;
Lesson to be learned? Sometimes bad things happen and there’s nothing we can do to prevent them. So it goes.
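The salt from the 2012 entry beside one taken from the kernel, as an added example that is not libexpat's or OpenBSD's code. The function names and the sample timestamp are constructed, and /dev/urandom stands in for arc4random so the block builds on systems that lack it.

```c
#include <stdio.h>
#include <stdlib.h>
#include <time.h>

/* Salt the way the post says libexpat 2.1.0 did it: rand() right after
 * srand(time(NULL)). The timestamp is a parameter so the result can be
 * replayed; the function name is hypothetical. */
unsigned long weak_salt(time_t when)
{
    srand((unsigned int)when);
    return (unsigned long)rand();
}

/* Audit helper (hypothetical): returns 1 if `salt` is one of the values
 * weak_salt() yields for a start time within +/- slack seconds of `guess`.
 * The whole candidate set is only 2*slack+1 values. */
int salt_in_time_window(unsigned long salt, time_t guess, long slack)
{
    for (long d = -slack; d <= slack; d++)
        if (weak_salt(guess + d) == salt)
            return 1;
    return 0;
}

/* Replacement: take the salt from the kernel CSPRNG. Returns 0 on success,
 * -1 on failure so the caller can refuse to continue instead of falling
 * back to a guessable value. */
int strong_salt(unsigned long *out)
{
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL)
        return -1;
    size_t got = fread(out, sizeof *out, 1, f);
    fclose(f);
    return got == 1 ? 0 : -1;
}

int main(void)
{
    time_t started = (time_t)1332547200;   /* constructed sample timestamp */
    unsigned long w = weak_salt(started), s = 0;

    printf("weak salt replayed from timestamp: %d\n", w == weak_salt(started));
    printf("weak salt found in a 121-value window: %d\n",
           salt_in_time_window(w, started + 30, 60));
    if (strong_salt(&s) != 0)
        return 1;
    printf("kernel salt found in that window: %d\n",
           salt_in_time_window(s, started + 30, 60));
    return 0;
}
```

XORing in getpid() and a pointer, as the 2016 patch line does, enlarges the candidate set but every input is still a value an observer can estimate.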