Diffstat (limited to 'kde/patch/kdeplasma-addons/random_generator_cve-2013-2120.patch')
-rw-r--r--kde/patch/kdeplasma-addons/random_generator_cve-2013-2120.patch76
1 files changed, 76 insertions, 0 deletions
diff --git a/kde/patch/kdeplasma-addons/random_generator_cve-2013-2120.patch b/kde/patch/kdeplasma-addons/random_generator_cve-2013-2120.patch
new file mode 100644
index 0000000..7a394a5
--- /dev/null
+++ b/kde/patch/kdeplasma-addons/random_generator_cve-2013-2120.patch
@@ -0,0 +1,76 @@
+From: Aaron Seigo <aseigo@kde.org>
+Date: Mon, 03 Jun 2013 17:16:32 +0000
+Subject: use KRandom, avoid modulo bias
+X-Git-Url: http://quickgit.kde.org/?p=kdeplasma-addons.git&a=commitdiff&h=36a1fe49cb70f717c4a6e9eeee2c9186503a8dce
+---
+use KRandom, avoid modulo bias
+---
+
+
+--- a/applets/paste/pastemacroexpander.cpp
++++ b/applets/paste/pastemacroexpander.cpp
+@@ -27,6 +27,7 @@
+ #include <KDebug>
+ #include <KLocale>
+ #include <KMessageBox>
++#include <KRandom>
+
+ class PasteMacroExpanderSingleton
+ {
+@@ -142,35 +143,49 @@
+ << "01234567890"
+ << "!\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~";
+
+- int charCount;
++ int charCount = 8;
+ QString chars;
+ QString result;
+
+ if (a.count() > 0) {
+- charCount = qMax(a[0].trimmed().toInt(), 1);
+- } else {
+- charCount = 8;
++ charCount = qMax(a[0].trimmed().toInt(), 8);
+ }
++
+ if (a.count() < 2) {
+ chars = characterSets.join("");
+ }
++
+ if (a.count() > 1) {
+ chars += (a[1].trimmed() == "true") ? characterSets[0] : "";
+ }
++
+ if (a.count() > 2) {
+ chars += (a[2].trimmed() == "true") ? characterSets[1] : "";
+ }
++
+ if (a.count() > 3) {
+ chars += (a[3].trimmed() == "true") ? characterSets[2] : "";
+ }
++
+ if (a.count() > 4) {
+ chars += (a[4].trimmed() == "true") ? characterSets[3] : "";
+ }
+
+- QDateTime now = QDateTime::currentDateTime();
+- qsrand(now.toTime_t() / now.time().msec());
++ const int setSize = chars.count();
++ const int top = (RAND_MAX / setSize) * setSize;
++ kDebug() << "topping out at " << setSize << RAND_MAX << top;
+ for (int i = 0; i < charCount; ++i) {
+- result += chars[qrand() % chars.count()];
++ // to prevent modulo bias, discard random numbers at the
++ // 'top end' of INT_MAX
++ int rand = -1;
++ do {
++ if (rand > 0) {
++ kDebug() << "Ha!" << rand;
++ }
++ rand = KRandom::random();
++ } while (rand >= top);
++
++ result += chars[rand % setSize];
+ }
+ //kDebug() << result;
+ return result;
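Review bot: An empty character set still reaches the division in the new `const int top = (RAND_MAX / setSize) * setSize;` line. When two or more arguments are given and none of a[1]..a[4] trims to "true", `chars` stays empty, `setSize` is 0, and both that division and the later `rand % setSize` are undefined. A guard just before it, `if (chars.isEmpty()) { return result; }`, would return an empty string instead of crashing; the function starts outside this hunk, so its return type is inferred from `return result;`. Separately, the rejection loop removes modulo bias, but password strength still rests on KRandom::random(), which as far as I recall wraps libc rand() seeded once from /dev/urandom, so confirm that generator and seed width are adequate for passwords. The `kDebug() << "Ha!" << rand;` line should also be dropped, because it writes generator output to the debug log, and the comment's `INT_MAX` should read `RAND_MAX` to match the code.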