[Pkg-shadow-devel] SHA_salt_size() problem

Peter Vrabec pvrabec at redhat.com
Tue May 20 11:33:21 UTC 2008


hi folks,

see https://bugzilla.redhat.com/show_bug.cgi?id=447136

There are two problems in libmisc/salt.c with:
static unsigned int SHA_salt_size (void)
{
        double rand_rounds = 9 * random ();
        rand_rounds /= RAND_MAX;
        return 8 + rand_rounds;
}

1. random() is not initialised by srandom()
2. rand_rounds overflows

suggested fix:
static unsigned int SHA_salt_size (void)
{
	seedRNG ();
	unsigned int rand_rounds = random () % 9;
	return 8 + rand_rounds;
}
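To make the two defects concrete, here is an added example (not shadow's libmisc/salt.c and not the patch proposed above): a predicate that shows why "9 * random ()" cannot be computed in long arithmetic on a 32-bit host, the suggested modulo form factored so it can be checked for every input, and a seeding step. seed_rng() is an assumed stand-in for shadow's seedRNG(), not a copy of it.

```c
#include <stdio.h>
#include <stdlib.h>
#include <limits.h>
#include <time.h>
#include <unistd.h>

/* Added example; not shadow's code. It isolates the two defects named in
 * the post for the original SHA_salt_size() and shows the suggested modulo
 * form together with a seed step. */

/* Defect 2: "9 * random ()" is evaluated in long arithmetic before the
 * conversion to double. This predicate reports whether the product would
 * exceed the given LONG_MAX without performing the overflow (signed
 * overflow is undefined behaviour). long_max is a parameter so the 32-bit
 * case can be checked on any host. */
static int nine_times_overflows(long r, long long_max)
{
    return r > long_max / 9;
}

/* The suggested fix, factored so the value drawn from random() is an
 * argument: the result is always in [8, 16], whatever r is. */
static unsigned int sha_salt_size_from(long r)
{
    long rand_rounds = r % 9;
    if (rand_rounds < 0)        /* random() never returns a negative value; guard anyway */
        rand_rounds += 9;
    return 8 + (unsigned int) rand_rounds;
}

/* Defect 1: random() must be seeded before use, or every process draws the
 * same sequence. Mixing time, pid and the process clock is an assumed
 * stand-in for shadow's seedRNG(), not its implementation. */
static void seed_rng(void)
{
    static int seeded = 0;
    if (seeded)
        return;
    srandom((unsigned int) (time(NULL) ^ getpid() ^ clock()));
    seeded = 1;
}

static unsigned int sha_salt_size(void)
{
    seed_rng();
    return sha_salt_size_from(random());
}

/* Draw n salt sizes and report whether every one lies in [8, 16] and every
 * value in that range appeared at least once. Returns 1 on success. */
static int salt_sizes_well_formed(int n)
{
    int seen[17] = {0};
    for (int i = 0; i < n; i++) {
        unsigned int s = sha_salt_size();
        if (s < 8 || s > 16)
            return 0;
        seen[s] = 1;
    }
    for (int s = 8; s <= 16; s++)
        if (!seen[s])
            return 0;
    return 1;
}

int main(void)
{
    printf("RAND_MAX = %d, LONG_MAX = %ld\n", RAND_MAX, LONG_MAX);
    printf("9 * RAND_MAX overflows a 32-bit long: %s\n",
           nine_times_overflows(RAND_MAX, 2147483647L) ? "yes" : "no");
    printf("fixed salt sizes well formed over 10000 draws: %s\n",
           salt_sizes_well_formed(10000) ? "yes" : "no");
    return 0;
}
```

With glibc's RAND_MAX of 2147483647, the original product exceeds a 32-bit LONG_MAX for any random() value above 238609294, so the size computed from the wrapped value is not confined to [8, 16]. The modulo form has a small bias (2^31 is not a multiple of 9), which is irrelevant for a salt length but worth knowing if the same pattern is reused elsewhere.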
