path: root/kde/patch/kdeplasma-addons/random_generator_cve-2013-2120.patch
From: Aaron Seigo <aseigo@kde.org>
Date: Mon, 03 Jun 2013 17:16:32 +0000
Subject: use KRandom, avoid modulo bias
X-Git-Url: http://quickgit.kde.org/?p=kdeplasma-addons.git&a=commitdiff&h=36a1fe49cb70f717c4a6e9eeee2c9186503a8dce
---
use KRandom, avoid modulo bias
---


--- a/applets/paste/pastemacroexpander.cpp
+++ b/applets/paste/pastemacroexpander.cpp
@@ -27,6 +27,7 @@
 #include <KDebug>
 #include <KLocale>
 #include <KMessageBox>
+#include <KRandom>
 
 class PasteMacroExpanderSingleton
 {
@@ -142,35 +143,49 @@
             << "01234567890"
             << "!\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~";
 
-    int charCount;
+    int charCount = 8;
     QString chars;
     QString result;
 
     if (a.count() > 0) {
-        charCount = qMax(a[0].trimmed().toInt(), 1);
-    } else {
-        charCount = 8;
+        charCount = qMax(a[0].trimmed().toInt(), 8);
     }
+
     if (a.count() < 2) {
         chars = characterSets.join("");
     }
+
     if (a.count() > 1) {
         chars += (a[1].trimmed() == "true") ? characterSets[0] : "";
     }
+
     if (a.count() > 2) {
         chars += (a[2].trimmed() == "true") ? characterSets[1] : "";
     }
+
     if (a.count() > 3) {
         chars += (a[3].trimmed() == "true") ? characterSets[2] : "";
     }
+
     if (a.count() > 4) {
         chars += (a[4].trimmed() == "true") ? characterSets[3] : "";
     }
 
-    QDateTime now = QDateTime::currentDateTime();
-    qsrand(now.toTime_t() / now.time().msec());
+    const int setSize = chars.count();
+    const int top = (RAND_MAX / setSize) * setSize;
+    kDebug() << "topping out at " << setSize << RAND_MAX << top;
     for (int i = 0; i < charCount; ++i) {
-        result += chars[qrand() % chars.count()];
+        // to prevent modulo bias, discard random numbers at the
+        // 'top end' of INT_MAX
+        int rand = -1;
+        do {
+            if (rand > 0) {
+                kDebug() << "Ha!" << rand;
+            }
+            rand = KRandom::random();
+        } while (rand >= top);
+
+        result += chars[rand % setSize];
     }
     //kDebug() << result;
     return result;
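Review bot: `setSize` is 0 whenever two or more arguments are passed and none of the character-set flags is "true", so `const int top = (RAND_MAX / setSize) * setSize;` divides by zero before the loop runs; the removed `qrand() % chars.count()` had the same hole and this commit does not close it. Guard it ahead of the division, for example with `if (chars.isEmpty()) { chars = characterSets.join(""); }`, or return an empty string if an empty selection is meant to produce nothing. The loop comment says `INT_MAX` while the bound is derived from `RAND_MAX`, and the rejection test is only unbiased if `KRandom::random()` never returns more than `RAND_MAX`, which is not visible here; I would reword it to `// discard values >= top so each index in [0, setSize) is equally likely; assumes KRandom::random() <= RAND_MAX`. The two `kDebug()` lines ("topping out at" and "Ha!") look like leftover development output in the random-string generation path and should probably be removed. The enclosing function starts above the hunk, so the argument handling and the construction of `characterSets` are only partly visible.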