Blame SOURCES/0001-CVE-2018-4700-Linux-session-cookies-used-a-predictab.patch
|
 |
1d75c0 |
diff --git a/cgi-bin/var.c b/cgi-bin/var.c
|
|
|
1d75c0 |
index 316b67f05..12f3c8344 100644
|
|
|
1d75c0 |
--- a/cgi-bin/var.c
|
|
|
1d75c0 |
+++ b/cgi-bin/var.c
|
|
|
1d75c0 |
@@ -1186,6 +1186,7 @@ cgi_set_sid(void)
|
|
|
1d75c0 |
const char *remote_addr, /* REMOTE_ADDR */
|
|
|
1d75c0 |
*server_name, /* SERVER_NAME */
|
|
|
1d75c0 |
*server_port; /* SERVER_PORT */
|
|
|
1d75c0 |
+ struct timeval curtime; /* Current time */
|
|
|
1d75c0 |
|
|
|
1d75c0 |
|
|
|
1d75c0 |
if ((remote_addr = getenv("REMOTE_ADDR")) == NULL)
|
|
|
1d75c0 |
@@ -1195,7 +1196,8 @@ cgi_set_sid(void)
|
|
|
1d75c0 |
if ((server_port = getenv("SERVER_PORT")) == NULL)
|
|
|
1d75c0 |
server_port = "SERVER_PORT";
|
|
|
1d75c0 |
|
|
|
1d75c0 |
- CUPS_SRAND(time(NULL));
|
|
|
1d75c0 |
+ gettimeofday(&curtime, NULL);
|
|
|
1d75c0 |
+ CUPS_SRAND(curtime.tv_sec + curtime.tv_usec);
|
|
|
1d75c0 |
snprintf(buffer, sizeof(buffer), "%s:%s:%s:%02X%02X%02X%02X%02X%02X%02X%02X",
|
|
|
1d75c0 |
remote_addr, server_name, server_port,
|
|
|
1d75c0 |
(unsigned)CUPS_RAND() & 255, (unsigned)CUPS_RAND() & 255,
|