diff options
author | Narrat | 2017-04-04 22:34:41 +0200 |
---|---|---|
committer | Narrat | 2017-04-04 22:34:41 +0200 |
commit | 722facc6001a2e40aa8fbe847b41df232b6c2ae6 (patch) | |
tree | ca58034382beb7d1f3bda20c3fc6bbda5297d704 | |
parent | fb190e0120ef5bc63f4e1d4903620d1e241e9324 (diff) | |
download | aur-722facc6001a2e40aa8fbe847b41df232b6c2ae6.tar.gz |
Add patch which uses getrandom() for random numbers
Drops the srand/rand combo.
Issues may still exist
-rw-r--r-- | .SRCINFO | 6 | ||||
-rw-r--r-- | PKGBUILD | 8 | ||||
-rw-r--r-- | change_prng.patch | 51 | ||||
-rw-r--r-- | seed.patch | 39 |
4 files changed, 58 insertions, 46 deletions
@@ -1,16 +1,16 @@ pkgbase = correcthorse pkgdesc = Passphrase generator based on https://xkcd.com/936/ pkgver = 1.0 - pkgrel = 4 + pkgrel = 5 url = https://github.com/rmartinjak/correcthorse arch = i686 arch = x86_64 license = WTFPL depends = glibc>=2.25 source = correcthorse-1.0.tar.gz::https://github.com/rmartinjak/correcthorse/archive/v1.0.tar.gz - source = seed.patch + source = change_prng.patch md5sums = 3d691f786f5879f5b902585472d6d195 - md5sums = 34c953a35b1cb563d571005d62c3d199 + md5sums = 652145bc56a7d199c95c241cb3744760 pkgname = correcthorse @@ -3,21 +3,21 @@ pkgname=correcthorse pkgver=1.0 -pkgrel=4 +pkgrel=5 pkgdesc="Passphrase generator based on https://xkcd.com/936/" arch=('i686' 'x86_64') url="https://github.com/rmartinjak/correcthorse" license=('WTFPL') depends=('glibc>=2.25') source=(${pkgname}-${pkgver}.tar.gz::https://github.com/rmartinjak/$pkgname/archive/v$pkgver.tar.gz - seed.patch) + change_prng.patch) md5sums=('3d691f786f5879f5b902585472d6d195' - '34c953a35b1cb563d571005d62c3d199') + '652145bc56a7d199c95c241cb3744760') prepare() { cd "$srcdir/$pkgname-$pkgver" - patch -Np1 -i "${srcdir}/seed.patch" + patch -Np1 -i "${srcdir}/change_prng.patch" } build() { diff --git a/change_prng.patch b/change_prng.patch new file mode 100644 index 000000000000..472a39cd8ee6 --- /dev/null +++ b/change_prng.patch @@ -0,0 +1,51 @@ +commit ca7beb741b4708e7f2cb2e3c33aafc11b560cb59 +Author: Narrat <autumn-wind@web.de> +Date: Tue Apr 4 22:19:53 2017 +0200 + + Replace srand()/rand() combo with getrandom() + + This requires glibc-2.25. + + Reason for the move: The time based initialization is a security issue. + Additionally is the rand() RNG not the best one out there. + + The newly getentropy/getrandom() from glibc uses for random numbers /dev/(u)random, which are a better choice. + +diff --git a/src/correcthorse.c b/src/correcthorse.c +index 506e8db..77c8a39 100644 +--- a/src/correcthorse.c ++++ b/src/correcthorse.c +@@ -12,9 +12,9 @@ + #include <stdio.h> + #include <stdlib.h> + #include <unistd.h> +-#include <time.h> + #include <string.h> + #include <ctype.h> ++#include <sys/random.h> + + #ifdef _GNU_SOURCE + #include <getopt.h> +@@ -30,15 +30,16 @@ static void print_version(char *argv0); + + static size_t rand_index(size_t n) + { +- static int seed = 0; ++ unsigned long seed_feed[1]; ++ int ret=0; + +- if (!seed) +- { +- srand(time(NULL)); +- seed = 1; ++ ret = getrandom(seed_feed, sizeof(long), 0); ++ if (ret <= 0) { ++ fprintf(stderr, "getrandom() returned %d: ", ret); ++ perror(""); + } + +- return rand() % n; ++ return *seed_feed % n; + } + + static void rand_perm(size_t *dest, size_t n) diff --git a/seed.patch b/seed.patch deleted file mode 100644 index 01fb6d1f7301..000000000000 --- a/seed.patch +++ /dev/null @@ -1,39 +0,0 @@ -commit 406bc7d04fa085667b86276d65ddaa8ca47a28e0 -Author: Narrat <autumn-wind@web.de> -Date: Tue Apr 4 02:08:02 2017 +0200 - - Avoid using a time based seed for srand - - Knowing the time would made it possible to replicate the generated password(s). - Still the pseudeo rng should be replaced - -diff --git a/src/correcthorse.c b/src/correcthorse.c -index 506e8db..46b1995 100644 ---- a/src/correcthorse.c -+++ b/src/correcthorse.c -@@ -15,6 +15,7 @@ - #include <time.h> - #include <string.h> - #include <ctype.h> -+#include <sys/random.h> - - #ifdef _GNU_SOURCE - #include <getopt.h> -@@ -31,10 +32,16 @@ static void print_version(char *argv0); - static size_t rand_index(size_t n) - { - static int seed = 0; -+ long seed_feed[1]; -+ int ret=0; - - if (!seed) - { -- srand(time(NULL)); -+ ret = getrandom(seed_feed, sizeof(long), 0); -+ if (ret <= 0) { -+ printf("Error: Something went wrong. If passwords got generated avoid using them\n"); -+ } -+ srand(*seed_feed); - seed = 1; - } - |