Diffstat (limited to 'kde/patch/kdeplasma-addons/random_generator_cve-2013-2120.patch')
-rw-r--r-- | kde/patch/kdeplasma-addons/random_generator_cve-2013-2120.patch | 76 |
1 files changed, 76 insertions, 0 deletions
diff --git a/kde/patch/kdeplasma-addons/random_generator_cve-2013-2120.patch b/kde/patch/kdeplasma-addons/random_generator_cve-2013-2120.patch
new file mode 100644
index 0000000..7a394a5
--- /dev/null
+++ b/kde/patch/kdeplasma-addons/random_generator_cve-2013-2120.patch
@@ -0,0 +1,76 @@
+From: Aaron Seigo <aseigo@kde.org>
+Date: Mon, 03 Jun 2013 17:16:32 +0000
+Subject: use KRandom, avoid modulo bias
+X-Git-Url: http://quickgit.kde.org/?p=kdeplasma-addons.git&a=commitdiff&h=36a1fe49cb70f717c4a6e9eeee2c9186503a8dce
+---
+use KRandom, avoid modulo bias
+---
+
+
+--- a/applets/paste/pastemacroexpander.cpp
++++ b/applets/paste/pastemacroexpander.cpp
+@@ -27,6 +27,7 @@
+ #include <KDebug>
+ #include <KLocale>
+ #include <KMessageBox>
++#include <KRandom>
+ 
+ class PasteMacroExpanderSingleton
+ {
+@@ -142,35 +143,49 @@
+         << "01234567890"
+         << "!\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~";
+ 
+-    int charCount;
++    int charCount = 8;
+     QString chars;
+     QString result;
+ 
+     if (a.count() > 0) {
+-        charCount = qMax(a[0].trimmed().toInt(), 1);
+-    } else {
+-        charCount = 8;
++        charCount = qMax(a[0].trimmed().toInt(), 8);
+     }
++
+     if (a.count() < 2) {
+         chars = characterSets.join("");
+     }
++
+     if (a.count() > 1) {
+         chars += (a[1].trimmed() == "true") ? characterSets[0] : "";
+     }
++
+     if (a.count() > 2) {
+         chars += (a[2].trimmed() == "true") ? characterSets[1] : "";
+     }
++
+     if (a.count() > 3) {
+         chars += (a[3].trimmed() == "true") ? characterSets[2] : "";
+     }
++
+     if (a.count() > 4) {
+         chars += (a[4].trimmed() == "true") ? characterSets[3] : "";
+     }
+ 
+-    QDateTime now = QDateTime::currentDateTime();
+-    qsrand(now.toTime_t() / now.time().msec());
++    const int setSize = chars.count();
++    const int top = (RAND_MAX / setSize) * setSize;
++    kDebug() << "topping out at " << setSize << RAND_MAX << top;
+     for (int i = 0; i < charCount; ++i) {
+-        result += chars[qrand() % chars.count()];
++        // to prevent modulo bias, discard random numbers at the
++        // 'top end' of INT_MAX
++        int rand = -1;
++        do {
++            if (rand > 0) {
++                kDebug() << "Ha!" << rand;
++            }
++            rand = KRandom::random();
++        } while (rand >= top);
++
++        result += chars[rand % setSize];
+     }
+     //kDebug() << result;
+     return result; |
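Review bot: `const int top = (RAND_MAX / setSize) * setSize;` divides by zero when `a.count() > 1` and every selected character-set flag is `"true"`-less, because `chars` is then empty and `setSize` is 0; the old `qrand() % chars.count()` was already undefined on that input, but the new line turns it into a guaranteed crash before the loop, so guard it with `if (setSize <= 0) { return result; }` ahead of computing `top`. The rejection loop only removes bias if `KRandom::random()` is bounded by `RAND_MAX`; as far as I recall it seeds once from the system and then returns libc `rand()` values, so this closes the modulo bias but the generator is still not cryptographic-quality for a password macro, which deserves a comment on the `top` line (and the inline comment saying `'top end' of INT_MAX` should read `RAND_MAX`, since that is what the code bounds against). `kDebug() << "Ha!" << rand;` writes every rejected raw generator sample to the debug log, handing anyone who can read that log internal generator output for no functional benefit; drop it before shipping. The local `int rand` also shadows `::rand`, so a name like `sample` would read better. The enclosing function starts before the inner `@@ -142,35 +143,49 @@` hunk and its signature is not visible here.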