Blame SOURCES/cups-CVE-2018-4700.patch
|
 |
87cf9a |
diff --git a/cgi-bin/var.c b/cgi-bin/var.c
|
|
|
87cf9a |
index 8b8c026..67175e9 100644
|
|
|
87cf9a |
--- a/cgi-bin/var.c
|
|
|
87cf9a |
+++ b/cgi-bin/var.c
|
|
|
87cf9a |
@@ -1221,6 +1221,7 @@ cgi_set_sid(void)
|
|
|
87cf9a |
const char *remote_addr, /* REMOTE_ADDR */
|
|
|
87cf9a |
*server_name, /* SERVER_NAME */
|
|
|
87cf9a |
*server_port; /* SERVER_PORT */
|
|
|
87cf9a |
+ struct timeval curtime; /* Current time */
|
|
|
87cf9a |
|
|
|
87cf9a |
|
|
|
87cf9a |
if ((remote_addr = getenv("REMOTE_ADDR")) == NULL)
|
|
|
87cf9a |
@@ -1230,7 +1231,8 @@ cgi_set_sid(void)
|
|
|
87cf9a |
if ((server_port = getenv("SERVER_PORT")) == NULL)
|
|
|
87cf9a |
server_port = "SERVER_PORT";
|
|
|
87cf9a |
|
|
|
87cf9a |
- CUPS_SRAND(time(NULL));
|
|
|
87cf9a |
+ gettimeofday(&curtime, NULL);
|
|
|
87cf9a |
+ CUPS_SRAND(curtime.tv_sec + curtime.tv_usec);
|
|
|
87cf9a |
snprintf(buffer, sizeof(buffer), "%s:%s:%s:%02X%02X%02X%02X%02X%02X%02X%02X",
|
|
|
87cf9a |
remote_addr, server_name, server_port,
|
|
|
87cf9a |
(unsigned)CUPS_RAND() & 255, (unsigned)CUPS_RAND() & 255,
|