From: Michael R Sweet
Date: Fri, 7 Dec 2018 17:09:00 +0000 (-0500)
Subject: CVE-2018-4700: Linux session cookies used a predictable random number seed.
X-Git-Tag: v2.2.10~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=feb4c62b211bfbd78dc10d737d873439ccdfa58c;p=thirdparty%2Fcups.git

CVE-2018-4700: Linux session cookies used a predictable random number seed.
---

diff --git a/CHANGES.md b/CHANGES.md
index b5aff71580..65cbdb1301 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -1,10 +1,11 @@
-CHANGES - 2.2.10 - 2018-12-06
+CHANGES - 2.2.10 - 2018-12-07
 =============================
 
 
 Changes in CUPS v2.2.10
 -----------------------
 
+- CVE-2018-4700: Linux session cookies used a predictable random number seed.
 - The `lpoptions` command now works with IPP Everywhere printers that have
   not yet been added as local queues (Issue #5045)
 - Added USB quirk rules (Issue #5395, Issue #5443)
diff --git a/cgi-bin/var.c b/cgi-bin/var.c
index 649b65ba9a..579f23ba30 100644
--- a/cgi-bin/var.c
+++ b/cgi-bin/var.c
@@ -1207,6 +1207,7 @@ cgi_set_sid(void)
   const char *remote_addr, /* REMOTE_ADDR */
              *server_name, /* SERVER_NAME */
              *server_port; /* SERVER_PORT */
+  struct timeval curtime; /* Current time */
 
 
   if ((remote_addr = getenv("REMOTE_ADDR")) == NULL)
@@ -1216,7 +1217,8 @@ cgi_set_sid(void)
   if ((server_port = getenv("SERVER_PORT")) == NULL)
     server_port = "SERVER_PORT";
 
-  CUPS_SRAND(time(NULL));
+  gettimeofday(&curtime, NULL);
+  CUPS_SRAND(curtime.tv_sec + curtime.tv_usec);
 
   snprintf(buffer, sizeof(buffer), "%s:%s:%s:%02X%02X%02X%02X%02X%02X%02X%02X", remote_addr, server_name, server_port,
            (unsigned)CUPS_RAND() & 255, (unsigned)CUPS_RAND() & 255,
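Review bot: The new seed `curtime.tv_sec + curtime.tv_usec` in the second var.c hunk only widens the candidate space from one value per second to roughly a million per second, and the cookie bytes are still produced by `CUPS_RAND()`, which on Linux appears to resolve to the libc PRNG rather than a cryptographic source, so a party that can estimate when a session was created can still reproduce the seed and the eight bytes written into `buffer`. The session identifier should be filled from the operating-system CSPRNG instead (`getrandom()` or `/dev/urandom` on Linux, `arc4random_buf()` where available), which removes the seed from the design rather than hardening it. The return value of `gettimeofday()` is also unchecked, and `curtime` is declared without an initializer in the first hunk, so on failure the seed is read from an uninitialized struct; a fallback such as `if (gettimeofday(&curtime, NULL) != 0) { curtime.tv_sec = time(NULL); curtime.tv_usec = 0; }` at least preserves the previous behaviour. Whether `<sys/time.h>` is already reachable from this file cannot be seen in the diff, since no include is added. cgi_set_sid's body continues past the end of the hunk.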