lib/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2025-11-30 13:01:23 +03:00
Code Activity

misc: Do not call random()

Browse Source 
Avoid calling random() and use ssh_get_random() instead.

CID #1412376

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
This commit is contained in:
Anderson Toshiyuki Sasaki
2020-09-07 12:01:16 +02:00
committed by Jakub Jelen
parent e4c5f6d3d9
commit d10f971bbb
1 changed files with 13 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
src/misc.c
View File

@@ -1749,6 +1749,8 @@ int ssh_tmpname(char *template)
{ {
char *tmp = NULL; char *tmp = NULL;
size_t i = 0; size_t i = 0;
int rc = 0;
uint8_t random[6];
if (template == NULL) { if (template == NULL) {
goto err; goto err;
@@ -1767,17 +1769,18 @@ int ssh_tmpname(char *template)
} }
} }
srand(time(NULL)); rc = ssh_get_random(random, 6, 0);
if (!rc) {
SSH_LOG(SSH_LOG_WARNING,
"Could not generate random data\n");
goto err;
}
for (i = 0; i < 6; ++i) { for (i = 0; i < 6; i++) {
#ifdef _WIN32 /* Limit the random[i] < 32 */
/* in win32 MAX_RAND is 32767, thus we can not shift that far, random[i] &= 0x1f;
* otherwise the last three chars are 0 */ /* For values from 0 to 9 use numbers, otherwise use letters */
int hexdigit = (rand() >> (i * 2)) & 0x1f; tmp[i] = random[i] > 9 ? random[i] + 'a' - 10 : random[i] + '0';
#else
int hexdigit = (rand() >> (i * 5)) & 0x1f;
#endif
tmp[i] = hexdigit > 9 ? hexdigit + 'a' - 10 : hexdigit + '0';
} }
return 0; return 0;