MFC: Use arc4random_buf(3) if available to generate cookies.

Advisory X41-2017-001: Multiple Vulnerabilities in X.Org.

xserver/configure.ac

@@ -223,6 +223,8 @@ AC_CHECK_FUNCS([backtrace ffs geteuid getuid issetugid getresuid \
 AC_REPLACE_FUNCS([reallocarray strcasecmp strcasestr strlcat strlcpy strndup \
 	timingsafe_memcmp])
 
+AC_CHECK_LIB([bsd], [arc4random_buf])
+
 AC_CHECK_DECLS([program_invocation_short_name], [], [], [[#include <errno.h>]])
 
 dnl Check for SO_PEERCRED #define

xserver/include/dix-config.h.in

@@ -125,6 +125,9 @@
 /* Build a standalone xpbproxy */
 #undef STANDALONE_XPBPROXY
 
+/* Define to 1 if you have the `bsd' library (-lbsd). */
+#undef HAVE_LIBBSD
+
 /* Define to 1 if you have the `m' library (-lm). */
 #undef HAVE_LIBM
 
@@ -155,6 +158,9 @@
 /* Define to 1 if you have the <rpcsvc/dbm.h> header file. */
 #undef HAVE_RPCSVC_DBM_H
 
+/* Define to 1 if you have the `arc4random_buf' function. */
+#undef HAVE_ARC4RANDOM_BUF
+
 /* Define to use libc SHA1 functions */
 #undef HAVE_SHA1_IN_LIBC
 

xserver/os/auth.c

@@ -45,6 +45,9 @@ from The Open Group.
 #ifdef WIN32
 #include    <X11/Xw32defs.h>
 #endif
+#ifdef HAVE_LIBBSD
+#include   <bsd/stdlib.h>       /* for arc4random_buf() */
+#endif
 
 struct protocol {
     unsigned short name_length;
@@ -303,11 +306,15 @@ GenerateAuthorization(unsigned name_length,
 void
 GenerateRandomData(int len, char *buf)
 {
+#ifndef HAVE_ARC4RANDOMBUF
     int fd;
 
     fd = open("/dev/urandom", O_RDONLY);
     read(fd, buf, len);
     close(fd);
+#else
+    arc4random_buf(buf, len);
+#endif
 }
 
 #endif                          /* XCSECURITY */