diff options
author | Eric Hameleers <alien@slackware.com> | 2020-07-31 16:13:18 +0200 |
---|---|---|
committer | Eric Hameleers <alien@slackware.com> | 2020-07-31 16:13:18 +0200 |
commit | 703149752c6265b36973d2c1f0f5a69721e3128a (patch) | |
tree | 7ded0d801771d5705f48ffbfb48f37dd4829439e /kde/patch/kdeplasma-addons/random_generator_cve-2013-2120.patch | |
parent | dd005500c624d127321ff3fe14a0c29bfa8d67f7 (diff) | |
parent | cd7ff1719433fbb3b6a8304596be173bc1b91b00 (diff) | |
download | ktown-703149752c6265b36973d2c1f0f5a69721e3128a.tar.gz ktown-703149752c6265b36973d2c1f0f5a69721e3128a.tar.xz |
Diffstat (limited to '')
-rw-r--r-- | kde/patch/kdeplasma-addons/random_generator_cve-2013-2120.patch | 76 |
1 files changed, 0 insertions, 76 deletions
diff --git a/kde/patch/kdeplasma-addons/random_generator_cve-2013-2120.patch b/kde/patch/kdeplasma-addons/random_generator_cve-2013-2120.patch deleted file mode 100644 index 7a394a5..0000000 --- a/kde/patch/kdeplasma-addons/random_generator_cve-2013-2120.patch +++ /dev/null @@ -1,76 +0,0 @@ -From: Aaron Seigo <aseigo@kde.org> -Date: Mon, 03 Jun 2013 17:16:32 +0000 -Subject: use KRandom, avoid modulo bias -X-Git-Url: http://quickgit.kde.org/?p=kdeplasma-addons.git&a=commitdiff&h=36a1fe49cb70f717c4a6e9eeee2c9186503a8dce ---- -use KRandom, avoid modulo bias ---- - - ---- a/applets/paste/pastemacroexpander.cpp -+++ b/applets/paste/pastemacroexpander.cpp -@@ -27,6 +27,7 @@ - #include <KDebug> - #include <KLocale> - #include <KMessageBox> -+#include <KRandom> - - class PasteMacroExpanderSingleton - { -@@ -142,35 +143,49 @@ - << "01234567890" - << "!\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~"; - -- int charCount; -+ int charCount = 8; - QString chars; - QString result; - - if (a.count() > 0) { -- charCount = qMax(a[0].trimmed().toInt(), 1); -- } else { -- charCount = 8; -+ charCount = qMax(a[0].trimmed().toInt(), 8); - } -+ - if (a.count() < 2) { - chars = characterSets.join(""); - } -+ - if (a.count() > 1) { - chars += (a[1].trimmed() == "true") ? characterSets[0] : ""; - } -+ - if (a.count() > 2) { - chars += (a[2].trimmed() == "true") ? characterSets[1] : ""; - } -+ - if (a.count() > 3) { - chars += (a[3].trimmed() == "true") ? characterSets[2] : ""; - } -+ - if (a.count() > 4) { - chars += (a[4].trimmed() == "true") ? characterSets[3] : ""; - } - -- QDateTime now = QDateTime::currentDateTime(); -- qsrand(now.toTime_t() / now.time().msec()); -+ const int setSize = chars.count(); -+ const int top = (RAND_MAX / setSize) * setSize; -+ kDebug() << "topping out at " << setSize << RAND_MAX << top; - for (int i = 0; i < charCount; ++i) { -- result += chars[qrand() % chars.count()]; -+ // to prevent modulo bias, discard random numbers at the -+ // 'top end' of INT_MAX -+ int rand = -1; -+ do { -+ if (rand > 0) { -+ kDebug() << "Ha!" << rand; -+ } -+ rand = KRandom::random(); -+ } while (rand >= top); -+ -+ result += chars[rand % setSize]; - } - //kDebug() << result; - return result; |