cups/0001-CVE-2018-4700-Linux-session-cookies-used-a-predictab.patch

23 lines
814 B
Diff

diff --git a/cgi-bin/var.c b/cgi-bin/var.c
index 316b67f05..12f3c8344 100644
--- a/cgi-bin/var.c
+++ b/cgi-bin/var.c
@@ -1186,6 +1186,7 @@ cgi_set_sid(void)
const char *remote_addr, /* REMOTE_ADDR */
*server_name, /* SERVER_NAME */
*server_port; /* SERVER_PORT */
+ struct timeval curtime; /* Current time */
if ((remote_addr = getenv("REMOTE_ADDR")) == NULL)
@@ -1195,7 +1196,8 @@ cgi_set_sid(void)
if ((server_port = getenv("SERVER_PORT")) == NULL)
server_port = "SERVER_PORT";
- CUPS_SRAND(time(NULL));
+ gettimeofday(&curtime, NULL);
+ CUPS_SRAND(curtime.tv_sec + curtime.tv_usec);
snprintf(buffer, sizeof(buffer), "%s:%s:%s:%02X%02X%02X%02X%02X%02X%02X%02X",
remote_addr, server_name, server_port,
(unsigned)CUPS_RAND() & 255, (unsigned)CUPS_RAND() & 255,