aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAnderson Toshiyuki Sasaki <ansasaki@redhat.com>2020-09-07 12:01:16 +0200
committerJakub Jelen <jjelen@redhat.com>2020-09-17 10:45:25 +0200
commitd10f971bbb7aaecd0ab82953027c462743814173 (patch)
tree222b016cb78a7ab60ff5059957537e31137504a0
parente4c5f6d3d9bff233a39abe7810ba76019572fd2f (diff)
downloadlibssh-d10f971bbb7aaecd0ab82953027c462743814173.tar.gz
libssh-d10f971bbb7aaecd0ab82953027c462743814173.tar.xz
libssh-d10f971bbb7aaecd0ab82953027c462743814173.zip
misc: Do not call random()
Avoid calling random() and use ssh_get_random() instead. CID #1412376 Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
-rw-r--r--src/misc.c23
1 files changed, 13 insertions, 10 deletions
diff --git a/src/misc.c b/src/misc.c
index 955ceed6..167beaf1 100644
--- a/src/misc.c
+++ b/src/misc.c
@@ -1749,6 +1749,8 @@ int ssh_tmpname(char *template)
{
char *tmp = NULL;
size_t i = 0;
+ int rc = 0;
+ uint8_t random[6];
if (template == NULL) {
goto err;
@@ -1767,17 +1769,18 @@ int ssh_tmpname(char *template)
}
}
- srand(time(NULL));
+ rc = ssh_get_random(random, 6, 0);
+ if (!rc) {
+ SSH_LOG(SSH_LOG_WARNING,
+ "Could not generate random data\n");
+ goto err;
+ }
- for (i = 0; i < 6; ++i) {
-#ifdef _WIN32
- /* in win32 MAX_RAND is 32767, thus we can not shift that far,
- * otherwise the last three chars are 0 */
- int hexdigit = (rand() >> (i * 2)) & 0x1f;
-#else
- int hexdigit = (rand() >> (i * 5)) & 0x1f;
-#endif
- tmp[i] = hexdigit > 9 ? hexdigit + 'a' - 10 : hexdigit + '0';
+ for (i = 0; i < 6; i++) {
+ /* Limit the random[i] < 32 */
+ random[i] &= 0x1f;
+ /* For values from 0 to 9 use numbers, otherwise use letters */
+ tmp[i] = random[i] > 9 ? random[i] + 'a' - 10 : random[i] + '0';
}
return 0;