git.ipfire.org Git - thirdparty/shadow.git/commit

]> git.ipfire.org Git - thirdparty/shadow.git/commit

projects / thirdparty / shadow.git / commit

author	Björn Esser <besser82@fedoraproject.org>
	Wed, 23 Jun 2021 14:06:47 +0000 (16:06 +0200)
committer	Björn Esser <besser82@fedoraproject.org>
	Wed, 23 Jun 2021 14:30:21 +0000 (16:30 +0200)
commit	bc8257cf73328e450511b13cbd35e1994feccb30
tree	42dfedf1b1a05b446e081780a074f7877b107041	tree
parent	dbf230e4cf823dd6b6a3bad6d29dfad4f0ffa8fc	commit \| diff

libmisc/salt.c: Obtain random bytes from /dev/urandom.

Using the random() function to obtain pseudo-random bytes
for generating salt strings is considered to be dangerous.
See CWE-327.

We really should use a more reliable source for obtaining
pseudo-random bytes like /dev/urandom.

Fixes #376.

Signed-off-by: Björn Esser <besser82@fedoraproject.org>

libmisc/salt.c

diff | blob | blame | history

Mirror of https://github.com/shadow-maint/shadow.git

RSS Atom