From e2800f28430c8ff65ef2345c0e8200af762138fd Mon Sep 17 00:00:00 2001
From: Brad Jorsch <bjorsch@wikimedia.org>
Date: Fri, 12 Jan 2018 13:35:01 -0500
Subject: [PATCH] SECURITY: Reduce precision on os.clock() to mitigate timing
 attacks

Bug: T184156
Change-Id: I2b5cc177bded1a9b5600d77116e67817841204be
---
 engines/LuaCommon/lualib/mwInit.lua | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/engines/LuaCommon/lualib/mwInit.lua b/engines/LuaCommon/lualib/mwInit.lua
index d3113bb..c1667ef 100644
--- a/engines/LuaCommon/lualib/mwInit.lua
+++ b/engines/LuaCommon/lualib/mwInit.lua
@@ -26,6 +26,15 @@ do
 	end
 end
 
+-- Reduce precision on os.clock to mitigate timing attacks
+do
+	local old_clock = os.clock
+	os.clock = function ()
+		local v = old_clock()
+		return math.floor( v * 50000 + 0.5 ) / 50000
+	end
+end
+
 --- Do a "deep copy" of a table or other value.
 function mw.clone( val )
 	local tableRefs = {}
-- 
2.15.1