Blame SOURCES/cups-CVE-2018-4700.patch
|
 |
5ee0f1 |
diff --git a/cgi-bin/var.c b/cgi-bin/var.c
|
|
|
5ee0f1 |
index 8b8c026..67175e9 100644
|
|
|
5ee0f1 |
--- a/cgi-bin/var.c
|
|
|
5ee0f1 |
+++ b/cgi-bin/var.c
|
|
|
5ee0f1 |
@@ -1221,6 +1221,7 @@ cgi_set_sid(void)
|
|
|
5ee0f1 |
const char *remote_addr, /* REMOTE_ADDR */
|
|
|
5ee0f1 |
*server_name, /* SERVER_NAME */
|
|
|
5ee0f1 |
*server_port; /* SERVER_PORT */
|
|
|
5ee0f1 |
+ struct timeval curtime; /* Current time */
|
|
|
5ee0f1 |
|
|
|
5ee0f1 |
|
|
|
5ee0f1 |
if ((remote_addr = getenv("REMOTE_ADDR")) == NULL)
|
|
|
5ee0f1 |
@@ -1230,7 +1231,8 @@ cgi_set_sid(void)
|
|
|
5ee0f1 |
if ((server_port = getenv("SERVER_PORT")) == NULL)
|
|
|
5ee0f1 |
server_port = "SERVER_PORT";
|
|
|
5ee0f1 |
|
|
|
5ee0f1 |
- CUPS_SRAND(time(NULL));
|
|
|
5ee0f1 |
+ gettimeofday(&curtime, NULL);
|
|
|
5ee0f1 |
+ CUPS_SRAND(curtime.tv_sec + curtime.tv_usec);
|
|
|
5ee0f1 |
snprintf(buffer, sizeof(buffer), "%s:%s:%s:%02X%02X%02X%02X%02X%02X%02X%02X",
|
|
|
5ee0f1 |
remote_addr, server_name, server_port,
|
|
|
5ee0f1 |
(unsigned)CUPS_RAND() & 255, (unsigned)CUPS_RAND() & 255,
|