Replace calls to rand_s with calls to RtlGenRandom

sandbox/win/src/interception.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // For information about interceptions as a whole see
 // http://dev.chromium.org/developers/design-documents/sandbox .
 
 #include <set>
 
 #include "sandbox/win/src/interception.h"
 
 #include "base/logging.h"
 #include "base/memory/scoped_ptr.h"
 #include "base/strings/string16.h"
 #include "base/win/pe_image.h"
 #include "base/win/windows_version.h"
 #include "sandbox/win/src/interception_internal.h"
 #include "sandbox/win/src/interceptors.h"
 #include "sandbox/win/src/sandbox.h"
+#include "sandbox/win/src/sandbox_rand.h"
 #include "sandbox/win/src/service_resolver.h"
 #include "sandbox/win/src/target_interceptions.h"
 #include "sandbox/win/src/target_process.h"
 #include "sandbox/win/src/wow64.h"
 
+namespace sandbox {
+
 namespace {
 
 // Standard allocation granularity and page size for Windows.
 const size_t kAllocGranularity = 65536;
 const size_t kPageSize = 4096;
 
+}  // namespace
+
+namespace internal {
+
 // Find a random offset within 64k and aligned to ceil(log2(size)).
 size_t GetGranularAlignedRandomOffset(size_t size) {
   CHECK_LE(size, kAllocGranularity);
   unsigned int offset;
 
   do {
-    rand_s(&offset);
+    GetRandom(&offset);
     offset &= (kAllocGranularity - 1);
   } while (offset > (kAllocGranularity - size));
 
   // Find an alignment between 64 and the page size (4096).
   size_t align_size = kPageSize;
   for (size_t new_size = align_size / 2;  new_size >= size; new_size /= 2) {
     align_size = new_size;
   }
   return offset & ~(align_size - 1);
 }
 
-}  // namespace
-
-namespace sandbox {
+}  // namespace internal
 
 SANDBOX_INTERCEPT SharedMemory* g_interceptions;
 
 // Table of the unpatched functions that we intercept. Mapped from the parent.
 SANDBOX_INTERCEPT OriginalFunctions g_originals = { NULL };
 
 // Magic constant that identifies that this function is not to be patched.
 const char kUnloadDLLDummyFunction[] = "@";
 
 InterceptionManager::InterceptionData::InterceptionData() {
@@ skipping 325 matching lines @@
 
   // Reserve a full 64k memory range in the child process.
   HANDLE child = child_->Process();
   BYTE* thunk_base = reinterpret_cast<BYTE*>(
                          ::VirtualAllocEx(child, NULL, kAllocGranularity,
                                           MEM_RESERVE, PAGE_NOACCESS));
 
   // Find an aligned, random location within the reserved range.
   size_t thunk_bytes = interceptions_.size() * sizeof(ThunkData) +
                        sizeof(DllInterceptionData);
-  size_t thunk_offset = GetGranularAlignedRandomOffset(thunk_bytes);
+  size_t thunk_offset = internal::GetGranularAlignedRandomOffset(thunk_bytes);
 
   // Split the base and offset along page boundaries.
   thunk_base += thunk_offset & ~(kPageSize - 1);
   thunk_offset &= kPageSize - 1;
 
   // Make an aligned, padded allocation, and move the pointer to our chunk.
   size_t thunk_bytes_padded = (thunk_bytes + kPageSize - 1) & ~(kPageSize - 1);
   thunk_base = reinterpret_cast<BYTE*>(
                    ::VirtualAllocEx(child, thunk_base, thunk_bytes_padded,
                                     MEM_COMMIT, PAGE_EXECUTE_READWRITE));
@@ skipping 134 matching lines @@
     ::FreeLibrary(local_interceptor);
 #endif
 
   if (it != interceptions_.end())
     return false;
 
   return true;
 }
 
 }  // namespace sandbox