mirror/openvpn3
0
0
Fork 0
mirror of https://github.com/OpenVPN/openvpn3.git synced 2024-09-20 04:02:15 +02:00
Code

require a strong PRNG for temp filename generation

Browse Source 
Since predictable names for temporary files can potentially cause a
security issue, require such filenames to be generated with
unpredictable randomness.

Signed-off-by: Heiko Hund <heiko@openvpn.net>
This commit is contained in:
Heiko Hund 2023-11-21 03:40:14 +01:00
parent e484aceec9
commit bf6d373c93
3 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
openvpn/common/fileatomic.hpp
View File

@ -47,7 +47,7 @@ inline void write_binary_atomic(const std::string &fn,
const mode_t mode,
const std::uint64_t mtime_ns, // set explicit modification-time in nanoseconds since epoch, or 0 to defer to system
const ConstBuffer &buf,
RandomAPI &rng)
StrongRandomAPI &rng)
{
// generate temporary filename
const std::string tfn = tmp_filename(fn, tmpdir, rng);
@ -69,7 +69,7 @@ inline void write_binary_atomic(const std::string &fn,
const mode_t mode,
const std::uint64_t mtime_ns,
const Buffer &buf,
RandomAPI &rng)
StrongRandomAPI &rng)
{
write_binary_atomic(fn, tmpdir, mode, mtime_ns, const_buffer_ref(buf), rng);
}

2
openvpn/common/jsonfile.hpp
View File

@ -55,7 +55,7 @@ inline void write_atomic(const std::string &fn,
const std::uint64_t mtime_ns, // set explicit modification-time in nanoseconds since epoch, or 0 to defer to system
const Json::Value &root,
const size_t size_hint,
RandomAPI &rng)
StrongRandomAPI &rng)
{
BufferPtr bp = new BufferAllocated(size_hint, BufferAllocated::GROW);
format_compact(root, *bp);

2
openvpn/common/tmpfilename.hpp
View File

@ -31,7 +31,7 @@ namespace openvpn {
// of an existing filename.
inline std::string tmp_filename(const std::string &fn,
const std::string &tmpdir,
RandomAPI &rng)
StrongRandomAPI &rng)
{
unsigned char data[16];
rng.rand_fill(data);