mirror of
https://github.com/OpenVPN/openvpn3.git
synced 2024-09-20 04:02:15 +02:00
require a strong PRNG for temp filename generation
Since predictable names for temporary files can potentially cause a security issue, require such filenames to be generated with unpredictable randomness. Signed-off-by: Heiko Hund <heiko@openvpn.net>
parent
e484aceec9
commit
bf6d373c93
@ -47,7 +47,7 @@ inline void write_binary_atomic(const std::string &fn,
|
||||
const mode_t mode,
|
||||
const std::uint64_t mtime_ns, // set explicit modification-time in nanoseconds since epoch, or 0 to defer to system
|
||||
const ConstBuffer &buf,
|
||||
RandomAPI &rng)
|
||||
StrongRandomAPI &rng)
|
||||
{
|
||||
// generate temporary filename
|
||||
const std::string tfn = tmp_filename(fn, tmpdir, rng);
|
||||
@ -69,7 +69,7 @@ inline void write_binary_atomic(const std::string &fn,
|
||||
const mode_t mode,
|
||||
const std::uint64_t mtime_ns,
|
||||
const Buffer &buf,
|
||||
RandomAPI &rng)
|
||||
StrongRandomAPI &rng)
|
||||
{
|
||||
write_binary_atomic(fn, tmpdir, mode, mtime_ns, const_buffer_ref(buf), rng);
|
||||
}
|
||||
|
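Review bot: An unpredictable name for `tfn` makes a pre-planted file or symlink in `tmpdir` harder to arrange, but it does not replace exclusive creation, and the code that opens `tfn` lies outside this hunk. It is worth confirming that the temporary file is opened with exclusive-create semantics (for example `O_CREAT | O_EXCL`) and that `mode` is applied at creation rather than by a later chmod, so that a name collision fails instead of writing through an existing entry. The second overload, taking `const Buffer &buf`, only forwards to this one and inherits whatever it does. The body of write_binary_atomic continues past the hunk.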
@ -55,7 +55,7 @@ inline void write_atomic(const std::string &fn,
|
||||
const std::uint64_t mtime_ns, // set explicit modification-time in nanoseconds since epoch, or 0 to defer to system
|
||||
const Json::Value &root,
|
||||
const size_t size_hint,
|
||||
RandomAPI &rng)
|
||||
StrongRandomAPI &rng)
|
||||
{
|
||||
BufferPtr bp = new BufferAllocated(size_hint, BufferAllocated::GROW);
|
||||
format_compact(root, *bp);
|
||||
|
@ -31,7 +31,7 @@ namespace openvpn {
|
||||
// of an existing filename.
|
||||
inline std::string tmp_filename(const std::string &fn,
|
||||
const std::string &tmpdir,
|
||||
RandomAPI &rng)
|
||||
StrongRandomAPI &rng)
|
||||
{
|
||||
unsigned char data[16];
|
||||
rng.rand_fill(data);
|
||||
|
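Review bot: The header comment above tmp_filename (its last visible line is `// of an existing filename.`) does not say why `rng` must be a `StrongRandomAPI`, so the constraint is carried by the type alone. I would add a line such as `// rng must be cryptographically strong: the 16 bytes drawn from it are what keep the name unpredictable.` The same reason is missing from the `rng` parameter in both write_binary_atomic overloads and in write_atomic, where `mtime_ns` already has an inline comment; a short `// strong PRNG required, feeds tmp_filename()` there would match. The function body continues outside the hunk, so how `data` is encoded into the name is not visible here.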