From b9ff93ce913ff633a3f667317e5a81fa7fe0d5d3 Mon Sep 17 00:00:00 2001 From: Michael R Sweet Date: Fri, 7 Dec 2018 12:08:27 -0500 Subject: [PATCH] CVE-2018-4700: Linux session cookies used a predictable random number seed. --- CHANGES.md | 3 ++- cgi-bin/var.c | 4 +++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index 0626f307df..ebeef6fedc 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -1,4 +1,4 @@ -CHANGES - 2.3b6 - 2018-12-06 +CHANGES - 2.3b6 - 2018-12-07 ============================ Changes in CUPS v2.3b6 @@ -7,6 +7,7 @@ Changes in CUPS v2.3b6 - Localization update (Issue #5339, Issue #5348, Issue #5362, Issue #5408, Issue #5410) - Documentation updates (Issue #5369, Issue #5402, Issue #5403, Issue #5404) +- CVE-2018-4700: Linux session cookies used a predictable random number seed. - All user commands now support the `--help` option (Issue #5326) - The `lpoptions` command now works with IPP Everywhere printers that have not yet been added as local queues (Issue #5045) diff --git a/cgi-bin/var.c b/cgi-bin/var.c index 316b67f05e..12f3c83448 100644 --- a/cgi-bin/var.c +++ b/cgi-bin/var.c @@ -1186,6 +1186,7 @@ cgi_set_sid(void) const char *remote_addr, /* REMOTE_ADDR */ *server_name, /* SERVER_NAME */ *server_port; /* SERVER_PORT */ + struct timeval curtime; /* Current time */ if ((remote_addr = getenv("REMOTE_ADDR")) == NULL) @@ -1195,7 +1196,8 @@ cgi_set_sid(void) if ((server_port = getenv("SERVER_PORT")) == NULL) server_port = "SERVER_PORT"; - CUPS_SRAND(time(NULL)); + gettimeofday(&curtime, NULL); + CUPS_SRAND(curtime.tv_sec + curtime.tv_usec); snprintf(buffer, sizeof(buffer), "%s:%s:%s:%02X%02X%02X%02X%02X%02X%02X%02X", remote_addr, server_name, server_port, (unsigned)CUPS_RAND() & 255, (unsigned)CUPS_RAND() & 255, -- 2.47.2