Use a better seed for srand()

Instead of just time() (which can be easily guessed by an attacker when he gets
a couple of samples of rand() results), this now also uses the current
microseconds, znc's pid and the old PRNG state for computing a seed.


git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1813 726aef4b-f618-498e-8847-2d620e286838
psychon
2010-03-07 14:55:20 +00:00
parent ab6bb12baa
commit ec08e22ed7
+22 -1
@@ -75,11 +75,32 @@ static bool isRoot() {
return false;
}
static void seedPRNG() {
struct timeval tv;
unsigned int seed;
// Try to find a seed which can't be as easily guessed as only time()
if (gettimeofday(&tv, NULL) == 0) {
seed = tv.tv_sec;
// This is in [0:1e6], which means that roughly 20 bits are
// actually used, let's try to shuffle the high bits.
seed ^= (tv.tv_usec << 10) | tv.tv_usec;
} else
seed = time(NULL);
seed ^= rand();
seed ^= getpid();
srand(seed);
}
int main(int argc, char** argv) {
CString sConfig;
CString sDataDir = "";
srand(time(NULL));
seedPRNG();
CUtils::SetStdoutIsTTY(isatty(1));
int iArg, iOptIndex = -1;
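Review bot: In `seedPRNG()`, every input to the seed is still low-entropy or observable: `seed ^= rand()` runs before any `srand()` call visible in this hunk, so it likely mixes in the fixed first output of the default sequence rather than unpredictable state, and the pid and wall-clock seconds are easy to narrow down. That leaves roughly the 20 bits of `tv_usec` as the only unknown part, and the result is a 32-bit seed in any case. I would read the seed from the OS entropy source first and keep the time/pid mix only as a fallback, as sketched below (this assumes `<stdio.h>` is already included in the file, which the hunk does not show). Values that must resist guessing should come from that source directly rather than from `rand()`, because a better seed does not stop `rand()` output from being predicted once samples are observed.

```cpp
static void seedPRNG() {
	unsigned int seed = 0;
	bool bSeeded = false;

	// Prefer kernel-provided entropy over clock/pid values an observer can narrow down.
	FILE* pRandom = fopen("/dev/urandom", "rb");
	if (pRandom) {
		bSeeded = (fread(&seed, sizeof(seed), 1, pRandom) == 1);
		fclose(pRandom);
	}

	if (!bSeeded) {
		// … unchanged: gettimeofday()/time()/rand()/getpid() mix as the fallback …
	}

	srand(seed);
}
```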