diff options
| author | YASUOKA Masahiko <yasuoka@cvs.openbsd.org> | 2013-04-20 23:32:33 +0000 |
|---|---|---|
| committer | YASUOKA Masahiko <yasuoka@cvs.openbsd.org> | 2013-04-20 23:32:33 +0000 |
| commit | 636870d61717d38e2a361956c0a747161cb08062 (patch) | |
| tree | fafc0b3582e63af8a4c4ba8fcb648cbe51c31ebc /usr.sbin/npppd/pptp | |
| parent | fe6a9d999717c6044f691f87a264cd4e8bb77021 (diff) | |
Don't use random() because it's not safe. Use arc4random() instead of
it. Suggested by deraadt.
Diffstat (limited to 'usr.sbin/npppd/pptp')
| -rw-r--r-- | usr.sbin/npppd/pptp/pptp_ctrl.c | 6 | ||||
| -rw-r--r-- | usr.sbin/npppd/pptp/pptpd.c | 8 |
2 files changed, 7 insertions, 7 deletions
diff --git a/usr.sbin/npppd/pptp/pptp_ctrl.c b/usr.sbin/npppd/pptp/pptp_ctrl.c index a983b5051a1..a42e8635166 100644 --- a/usr.sbin/npppd/pptp/pptp_ctrl.c +++ b/usr.sbin/npppd/pptp/pptp_ctrl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pptp_ctrl.c,v 1.7 2012/09/18 13:14:08 yasuoka Exp $ */ +/* $OpenBSD: pptp_ctrl.c,v 1.8 2013/04/20 23:32:32 yasuoka Exp $ */ /*- * Copyright (c) 2009 Internet Initiative Japan Inc. @@ -29,7 +29,7 @@ * PPTP(RFC 2637) control connection implementation. * currently it only support PAC part */ -/* $Id: pptp_ctrl.c,v 1.7 2012/09/18 13:14:08 yasuoka Exp $ */ +/* $Id: pptp_ctrl.c,v 1.8 2013/04/20 23:32:32 yasuoka Exp $ */ #include <sys/types.h> #include <sys/param.h> #include <sys/socket.h> @@ -130,7 +130,7 @@ pptp_ctrl_init(pptp_ctrl *_this) } _this->last_rcv_ctrl = curr_time; _this->last_snd_ctrl = curr_time; - _this->echo_seq = (random() << 16 )| (random() & 0xffff); + _this->echo_seq = arc4random(); _this->echo_interval = PPTP_CTRL_DEFAULT_ECHO_INTERVAL; _this->echo_timeout = PPTP_CTRL_DEFAULT_ECHO_TIMEOUT; slist_init(&_this->call_list); diff --git a/usr.sbin/npppd/pptp/pptpd.c b/usr.sbin/npppd/pptp/pptpd.c index c4fceaedb0b..37969802d97 100644 --- a/usr.sbin/npppd/pptp/pptpd.c +++ b/usr.sbin/npppd/pptp/pptpd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pptpd.c,v 1.17 2013/04/20 07:00:19 yasuoka Exp $ */ +/* $OpenBSD: pptpd.c,v 1.18 2013/04/20 23:32:32 yasuoka Exp $ */ /*- * Copyright (c) 2009 Internet Initiative Japan Inc. @@ -25,12 +25,12 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ -/* $Id: pptpd.c,v 1.17 2013/04/20 07:00:19 yasuoka Exp $ */ +/* $Id: pptpd.c,v 1.18 2013/04/20 23:32:32 yasuoka Exp $ */ /**@file * This file provides a implementation of PPTP daemon. Currently it * provides functions for PAC (PPTP Access Concentrator) only. - * $Id: pptpd.c,v 1.17 2013/04/20 07:00:19 yasuoka Exp $ + * $Id: pptpd.c,v 1.18 2013/04/20 23:32:32 yasuoka Exp $ */ #include <sys/types.h> #include <sys/param.h> @@ -122,7 +122,7 @@ pptpd_init(pptpd *_this) for (i = 0; i < countof(call) ; i++) call[i] = i + 1; for (i = countof(call); i > 1; i--) { - m = random() % i; + m = arc4random() % i; call0 = call[m]; call[m] = call[i - 1]; call[i - 1] = call0; |