From: Sebastian Pipping <sebastian@pipping.org>
Date: Mon, 21 Mar 2016 19:05:27 +0000 (+0100)
Subject: Use a prime that fits 32bits on 32bit platforms
X-Git-Tag: R_2_2_0~57^2~4
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=f627ff74d631f4548f924ca5bd27ddad6cae07ab;p=libexpat

Use a prime that fits 32bits on 32bit platforms

Bug reported by Yann Droneaud, thanks!
https://bugzilla.redhat.com/show_bug.cgi?id=1197087#c21
---

diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c
index a2744b1c..c9c7a9b2 100644
--- a/expat/lib/xmlparse.c
+++ b/expat/lib/xmlparse.c
@@ -709,9 +709,16 @@ static unsigned long
 generate_hash_secret_salt(XML_Parser parser)
 {
   /* Process ID is 0 bits entropy if attacker has local access
-   * XML_Parser address is few bits of entropy if attacker has local access
-   * Factor is 2^61-1 (Mersenne prime M61) */
-  return (gather_time_entropy() ^ getpid() ^ (unsigned long)parser) * 2305843009213693951;
+   * XML_Parser address is few bits of entropy if attacker has local access */
+  const unsigned long entropy =
+      gather_time_entropy() ^ getpid() ^ (unsigned long)parser;
+
+  /* Factors are 2^31-1 and 2^61-1 (Mersenne primes M31 and M61) */
+  if (sizeof(unsigned long) == 4) {
+    return entropy * 2147483647;
+  } else {
+    return entropy * 2305843009213693951;
+  }
 }
 
 static XML_Bool  /* only valid for root parser */