author | Anderson Toshiyuki Sasaki <ansasaki@redhat.com> | 2020-09-07 12:01:16 +0200 |
---|---|---|
committer | Jakub Jelen <jjelen@redhat.com> | 2020-09-17 10:45:25 +0200 |
commit | d10f971bbb7aaecd0ab82953027c462743814173 (patch) | |
tree | 222b016cb78a7ab60ff5059957537e31137504a0 | |
parent | e4c5f6d3d9bff233a39abe7810ba76019572fd2f (diff) | |
misc: Do not call random()
Avoid calling random() and use ssh_get_random() instead.
CID #1412376
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
-rw-r--r-- | src/misc.c | 23 |
1 files changed, 13 insertions, 10 deletions
@@ -1749,6 +1749,8 @@ int ssh_tmpname(char *template)
 {
 char *tmp = NULL;
 size_t i = 0;
+ int rc = 0;
+ uint8_t random[6];
 if (template == NULL) {
 goto err;
@@ -1767,17 +1769,18 @@ int ssh_tmpname(char *template)
 }
 }
- srand(time(NULL));
+ rc = ssh_get_random(random, 6, 0);
+ if (!rc) {
+ SSH_LOG(SSH_LOG_WARNING,
+ "Could not generate random data\n");
+ goto err;
+ }
- for (i = 0; i < 6; ++i) {
-#ifdef _WIN32
- /* in win32 MAX_RAND is 32767, thus we can not shift that far,
- * otherwise the last three chars are 0 */
- int hexdigit = (rand() >> (i * 2)) & 0x1f;
-#else
- int hexdigit = (rand() >> (i * 5)) & 0x1f;
-#endif
- tmp[i] = hexdigit > 9 ? hexdigit + 'a' - 10 : hexdigit + '0';
+ for (i = 0; i < 6; i++) {
+ /* Limit the random[i] < 32 */
+ random[i] &= 0x1f;
+ /* For values from 0 to 9 use numbers, otherwise use letters */
+ tmp[i] = random[i] > 9 ? random[i] + 'a' - 10 : random[i] + '0';
 }
 return 0;
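Review bot: The new local `uint8_t random[6];` in the first hunk reuses the name of the C library function `random()`, hiding it for the rest of ssh_tmpname on platforms whose `<stdlib.h>` declares it. That reads oddly in a commit whose purpose is to stop using the libc generator. A neutral name such as `uint8_t rnd[6];` avoids the clash, and the rename would also touch the uses of the buffer in the second hunk. The function body continues past the end of this hunk.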
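Review bot: The new failure branch after `ssh_get_random()` in the second hunk jumps to the same `err` label as the template validation, so a caller cannot tell an RNG failure from a malformed template. The label's body is outside the hunk, so what it reports cannot be confirmed here; if it signals an invalid argument, this branch should set its own errno or the shared result should be documented. The literal `6` now appears in the array size, the call and the loop bound; `rc = ssh_get_random(random, sizeof(random), 0);` and `i < sizeof(random)` would keep them in step. As far as the hunk shows, the function only fills in a name, so an unpredictable suffix does not by itself prevent a race on the path. A comment such as `/* Only generates a name: the caller must create the file with O_CREAT | O_EXCL */` would record that, assuming callers open the path themselves.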