Blame fish-webconfig-CVE-2014-2914-followup-3.patch
commit f5d81d3beac2542d675af15bf7f71762c456f30d
Author: Andy Lutomirski <luto@amacapital.net>
Date: Mon Aug 11 17:52:27 2014 -0700
webconfig: Get the auth token from os.urandom
random.getrandbits shouldn't be used for security.
diff --git a/share/tools/web_config/webconfig.py b/share/tools/web_config/webconfig.py
index 2ceb67e..f36f63f 100755
--- a/share/tools/web_config/webconfig.py
+++ b/share/tools/web_config/webconfig.py
@@ -654,7 +654,7 @@ where = os.path.dirname(sys.argv[0])
os.chdir(where)
# Generate a 16-byte random key as a hexadecimal string
-authkey = hex(random.getrandbits(16*8))[2:]
+authkey = hex(os.urandom(16))[2:]
# Try to find a suitable port
PORT = 8000
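Review bot: The added line `authkey = hex(os.urandom(16))[2:]` raises TypeError as soon as the module-level code runs, because `hex()` accepts only an integer and `os.urandom` returns a byte string on both Python 2 and Python 3. As written the server would stop before reaching the port search below, so the stronger random source never takes effect. Encode the bytes directly instead, `authkey = binascii.hexlify(os.urandom(16)).decode('ascii')`, which needs `import binascii` in the file's import block (outside this hunk). That form also always yields 32 hex characters, which matches the "16-byte random key as a hexadecimal string" comment; the removed `hex(...)[2:]` form could drop leading zeros.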
|