From ca523deca47303436fe522d030dbd9af3635be60 Mon Sep 17 00:00:00 2001
From: Sebastian Pipping <sebastian@pipping.org>
Date: Mon, 21 Mar 2016 19:56:05 +0100
Subject: [PATCH] Extract entropy from XML_Parser address

Idea by Yann Droneaud, thanks!
https://bugzilla.redhat.com/show_bug.cgi?id=1197087#c21
---
 expat/lib/xmlparse.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c
index 998def33..a2744b1c 100644
--- a/expat/lib/xmlparse.c
+++ b/expat/lib/xmlparse.c
@@ -434,7 +434,7 @@ static ELEMENT_TYPE *
 getElementType(XML_Parser parser, const ENCODING *enc, const char *ptr, const char *end);

-static unsigned long generate_hash_secret_salt(void);
+static unsigned long generate_hash_secret_salt(XML_Parser parser);
 static XML_Bool startParsing(XML_Parser parser);

 static XML_Parser
@@ -706,11 +706,12 @@ gather_time_entropy(void)
 }

 static unsigned long
-generate_hash_secret_salt(void)
+generate_hash_secret_salt(XML_Parser parser)
 {
 /* Process ID is 0 bits entropy if attacker has local access
+ * XML_Parser address is few bits of entropy if attacker has local access
 * Factor is 2^61-1 (Mersenne prime M61) */
- return (gather_time_entropy() ^ getpid()) * 2305843009213693951;
+ return (gather_time_entropy() ^ getpid() ^ (unsigned long)parser) * 2305843009213693951;
 }

 static XML_Bool /* only valid for root parser */
@@ -718,7 +719,7 @@ startParsing(XML_Parser parser)
 {
 /* hash functions must be initialized before setContext() is called */
 if (hash_secret_salt == 0)
- hash_secret_salt = generate_hash_secret_salt();
+ hash_secret_salt = generate_hash_secret_salt(parser);
 if (ns) {
 /* implicit context only set for root parser, since child parsers (i.e. external entity parsers) will inherit it
--
2.40.0
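Review bot: In the second hunk (generate_hash_secret_salt), XORing `(unsigned long)parser` into the salt adds a value that is guessable and also ties the hash salt to a heap address. The multiplier is odd, so the multiplication is invertible modulo the word size; anyone who learns the salt and knows the pid and approximate time could work back to address bits, which would weaken ASLR. The salt would be better drawn from the operating system's random source (for example `getrandom()` or `/dev/urandom`), with the time/pid mix kept only as a last-resort fallback. The cast also silently truncates the pointer on platforms where `unsigned long` is narrower than a pointer, such as 64-bit Windows; `(unsigned long)(uintptr_t)parser` would make the narrowing explicit. The comment should state that none of the three inputs is secret from a local attacker, so the salt must not be relied on as unpredictable.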