CVE-2018-4700: Linux session cookies used a predictable random number seed.
authorMichael R Sweet <michael.r.sweet@gmail.com>
Fri, 7 Dec 2018 17:08:27 +0000 (12:08 -0500)
committerMichael R Sweet <michael.r.sweet@gmail.com>
Fri, 7 Dec 2018 17:08:27 +0000 (12:08 -0500)
CHANGES.md
cgi-bin/var.c

index 0626f307df96628421aabfbaf1cca1157053f73a..ebeef6fedc5e540d4708c34868fdefe92da6409c 100644 (file)
@@ -1,4 +1,4 @@
-CHANGES - 2.3b6 - 2018-12-06
+CHANGES - 2.3b6 - 2018-12-07
 ============================
 
 Changes in CUPS v2.3b6
@@ -7,6 +7,7 @@ Changes in CUPS v2.3b6
 - Localization update (Issue #5339, Issue #5348, Issue #5362, Issue #5408,
   Issue #5410)
 - Documentation updates (Issue #5369, Issue #5402, Issue #5403, Issue #5404)
+- CVE-2018-4700: Linux session cookies used a predictable random number seed.
 - All user commands now support the `--help` option (Issue #5326)
 - The `lpoptions` command now works with IPP Everywhere printers that have not
   yet been added as local queues (Issue #5045)
index 316b67f05eae7813186bab62f68c208e3cdf02c8..12f3c83448779e26945b01f5d76376f7d1e406f4 100644 (file)
@@ -1186,6 +1186,7 @@ cgi_set_sid(void)
   const char           *remote_addr,   /* REMOTE_ADDR */
                        *server_name,   /* SERVER_NAME */
                        *server_port;   /* SERVER_PORT */
+  struct timeval       curtime;        /* Current time */
 
 
   if ((remote_addr = getenv("REMOTE_ADDR")) == NULL)
@@ -1195,7 +1196,8 @@ cgi_set_sid(void)
   if ((server_port = getenv("SERVER_PORT")) == NULL)
     server_port = "SERVER_PORT";
 
-  CUPS_SRAND(time(NULL));
+  gettimeofday(&curtime, NULL);
+  CUPS_SRAND(curtime.tv_sec + curtime.tv_usec);
   snprintf(buffer, sizeof(buffer), "%s:%s:%s:%02X%02X%02X%02X%02X%02X%02X%02X",
            remote_addr, server_name, server_port,
           (unsigned)CUPS_RAND() & 255, (unsigned)CUPS_RAND() & 255,
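Review bot: The seed in `CUPS_SRAND(curtime.tv_sec + curtime.tv_usec);` still comes only from the wall clock, so it remains guessable to anyone who knows roughly when the request was served. The microsecond field adds at most about 20 bits, and summing it with `tv_sec` lets different (second, microsecond) pairs collapse to the same seed. Every `CUPS_RAND()` byte formatted into the session ID by the following `snprintf` is determined by that one seed, so if the macros resolve to a seeded libc generator (not visible here), the ID is no stronger than the seed. I would take the seed, or preferably the eight ID bytes themselves, from the kernel CSPRNG (`getrandom()` or a read of `/dev/urandom`) and refuse to issue a session ID if that read fails. The return value of `gettimeofday()` is also unchecked, and the `snprintf` argument list and the rest of `cgi_set_sid` continue outside the hunk.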