[Pkg-shadow-devel] SHA_salt_size() problem
Peter Vrabec
pvrabec at redhat.com
Tue May 20 11:33:21 UTC 2008
hi folks,
see https://bugzilla.redhat.com/show_bug.cgi?id=447136
There are two problems in libmisc/salt.c with:
    /* current code in libmisc/salt.c */
    static unsigned int SHA_salt_size (void)
    {
        double rand_rounds = 9 * random ();   /* random() was never seeded; 9 * random() is computed in long */
        rand_rounds /= RAND_MAX;
        return 8 + rand_rounds;
    }
1. random() is not initialised by srandom()
2. rand_rounds overflows
suggested fix:
    static unsigned int SHA_salt_size (void)
    {
        seedRNG ();                               /* seed random() before the first draw */
        unsigned int rand_rounds = random () % 9; /* 0..8, so the result is 8..16 */
        return 8 + rand_rounds;
    }
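The following C program is an added example, not code from shadow or from the bug report: it puts the original arithmetic and the suggested fix side by side, with the random() value passed in as a parameter so both can be checked deterministically. seed_rng_once() is a stand-in for shadow's seedRNG(), whose seeding is not shown in the post; seeding from time and pid here is an assumption. The 32-bit long case is emulated with two's-complement wraparound so the overflow shows up regardless of the host's sizeof(long).

```c
#define _DEFAULT_SOURCE 1
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <time.h>
#include <unistd.h>

/* Problem 1: POSIX specifies that random() behaves as if srandom(1) had been
 * called when no seed was ever provided, so an unseeded process always draws
 * the same sequence.  Returns 1 if the first unseeded draw equals the first
 * draw after srandom(1).  Must be the first use of random() in the process. */
static int unseeded_random_is_deterministic(void)
{
    long unseeded = random();
    srandom(1);
    long seeded_with_one = random();
    return unseeded == seeded_with_one;
}

/* Problem 2: the original computes 9 * random() in long arithmetic before the
 * conversion to double.  With a 32-bit long the product overflows as soon as
 * random() exceeds LONG_MAX / 9.  Signed overflow is undefined in C; this
 * helper emulates the two's-complement wraparound the bug report refers to
 * (the uint32 -> int32 conversion is implementation-defined and wraps on
 * gcc and clang), so the example does not depend on the host's long size. */
static unsigned int salt_size_original_ilp32(int32_t r)
{
    int32_t product = (int32_t)((uint32_t)r * 9u); /* wraps like a 32-bit long */
    double rand_rounds = product;
    rand_rounds /= RAND_MAX;
    return (unsigned int)(8 + rand_rounds);        /* truncates toward zero */
}

/* The suggested replacement, with the random value passed in. */
static unsigned int salt_size_fixed(long r)
{
    unsigned int rand_rounds = (unsigned int)(r % 9); /* 0..8 */
    return 8 + rand_rounds;                           /* 8..16 */
}

/* Stand-in for shadow's seedRNG(); the time/pid seed is an assumption. */
static void seed_rng_once(void)
{
    static int seeded;
    if (!seeded) {
        srandom((unsigned int)(time(NULL) ^ getpid()));
        seeded = 1;
    }
}

/* The suggested SHA_salt_size(), as it reads with the stand-in seeder. */
static unsigned int SHA_salt_size(void)
{
    seed_rng_once();
    return salt_size_fixed(random());
}

/* Reproducible check that the fix yields every length in 8..16 and nothing
 * outside that range over a number of draws from a fixed seed. */
static int fixed_covers_8_to_16(unsigned long draws)
{
    int seen[17] = {0};
    srandom(12345);
    for (unsigned long i = 0; i < draws; i++) {
        unsigned int n = salt_size_fixed(random());
        if (n < 8 || n > 16)
            return 0;
        seen[n] = 1;
    }
    for (int n = 8; n <= 16; n++)
        if (!seen[n])
            return 0;
    return 1;
}

int main(void)
{
    printf("unseeded random() == srandom(1) sequence: %d\n",
           unseeded_random_is_deterministic());
    /* 9 * 300000000 = 2700000000 wraps negative in 32-bit long arithmetic,
     * so the original returns a length below its intended minimum of 8. */
    printf("original with 32-bit long, random() = 300000000: %u\n",
           salt_size_original_ilp32(300000000));
    printf("original with 32-bit long, random() = 100000000: %u\n",
           salt_size_original_ilp32(100000000));
    printf("fix covers 8..16: %d\n", fixed_covers_8_to_16(10000));
    printf("SHA_salt_size() -> %u\n", SHA_salt_size());
    return 0;
}
```

Note that random() % 9 keeps a small modulo bias (2^31 mod 9 = 2, so lengths 8 and 9 are drawn one part in 2^28 more often than the others), which is irrelevant for a salt length.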