Fix insecure random number generator use #222

Merged
merged 2 commits into from Jan 19, 2016
12 changes: 3 additions & 9 deletions include/common.php
@@ -1750,18 +1750,12 @@ function generate_web_api_key()
$keychars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
$length = 40;

// seed with microseconds
function make_seed_recoverpass()
{
list($usec, $sec) = explode(' ', microtime());
return (float) $sec + ((float) $usec * 100000);
}
srand(make_seed_recoverpass());

$key = "";
$max=strlen($keychars)-1;
for ($i=0;$i<$length;$i++) {
$key .= substr($keychars, rand(0, $max), 1);
// random_int is available in PHP 7 and the random_compat PHP 5.x
// polyfill included in the Composer package.json dependencies.
$key .= substr($keychars, random_int(0, $max), 1);
}
return $key;
}
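Review bot: The key-building loop added here is repeated in four more places in this commit (two in include/login_functions.php, one each in public/manageProjectRoles.php and public/register.php), and the copies already disagree: `$i<$length` here and in register.php, `$i<=$length` in the other three, which yields one character more than `$length` states. A single helper that takes the length, as sketched below, keeps the CSPRNG call in one place; random_int throws when no secure source is available, and that exception should be left to propagate rather than caught with a fallback to rand(). The added comment also refers to a Composer `package.json`, while Composer's manifest is `composer.json`; the manifest is not part of this diff, so the polyfill dependency could not be checked here. generate_web_api_key starts above the hunk.

```php
// Suggested shared helper; the name is a proposal, not an existing function.
function generate_random_key($length)
{
    $keychars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
    $max = strlen($keychars) - 1;
    $key = "";
    for ($i = 0; $i < $length; $i++) {
        // random_int is available in PHP 7 and via the random_compat
        // polyfill declared in composer.json. It throws if no secure
        // source exists; do not catch and fall back to rand().
        $key .= substr($keychars, random_int(0, $max), 1);
    }
    return $key;
}

// … unchanged: $length = 40; in generate_web_api_key() …
$key = generate_random_key($length);
return $key;
```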
36 changes: 12 additions & 24 deletions include/login_functions.php
@@ -34,22 +34,16 @@ function databaseAuthenticate($email, $password, $SessionCachePolicy, $rememberm
$cookiename = "CDash-".$_SERVER['SERVER_NAME'];
$time = time()+60*60*24*30; // 30 days;

// Create a new password
$keychars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
// Create a new password
$keychars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
$length = 32;

// seed with microseconds
function make_seed_recoverpass()
{
list($usec, $sec) = explode(' ', microtime());
return (float) $sec + ((float) $usec * 100000);
}
srand(make_seed_recoverpass());

$key = "";
$max=strlen($keychars)-1;
for ($i=0;$i<=$length;$i++) {
$key .= substr($keychars, rand(0, $max), 1);
// random_int is available in PHP 7 and the random_compat PHP 5.x
// polyfill included in the Composer package.json dependencies.
$key .= substr($keychars, random_int(0, $max), 1);
}

$value = $user_array['id'].$key;
@@ -153,29 +147,23 @@ function ldapAuthenticate($email, $password, $SessionCachePolicy, $rememberme)
$cookiename = "CDash-".$_SERVER['SERVER_NAME'];
$time = time()+60*60*24*30; // 30 days;

// Create a new password
$keychars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
// Create a new password
$keychars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
$length = 32;

// seed with microseconds
function make_seed_recoverpass()
{
list($usec, $sec) = explode(' ', microtime());
return (float) $sec + ((float) $usec * 100000);
}
srand(make_seed_recoverpass());

$key = "";
$max=strlen($keychars)-1;
for ($i=0;$i<=$length;$i++) {
$key .= substr($keychars, rand(0, $max), 1);
// random_int is available in PHP 7 and the random_compat PHP 5.x
// polyfill included in the Composer package.json dependencies.
$key .= substr($keychars, random_int(0, $max), 1);
}

$value = $userid.$key;
setcookie($cookiename, $value, $time);

// Update the user key
pdo_query("UPDATE ".qid("user")." SET cookiekey='".$key."' WHERE id=".qnum($userid));
// Update the user key
pdo_query("UPDATE ".qid("user")." SET cookiekey='".$key."' WHERE id=".qnum($userid));
}

session_name("CDash");
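Review bot: In the ldapAuthenticate hunk the 30-day login cookie is still issued as `setcookie($cookiename, $value, $time);`, with no HttpOnly or Secure attribute, so the now-unpredictable key remains readable by page script and is sent over plain HTTP. Where the site is served over HTTPS, `setcookie($cookiename, $value, $time, "", "", true, true);` keeps the default path and domain and sets both flags. The key is also written verbatim to `cookiekey`, so anyone who can read that column can replay it; storing a hash of the key and comparing hashes at login would limit that, though the code that checks the cookie is outside this diff. Both functions start and end outside their hunks, and the databaseAuthenticate hunk presumably sets its cookie the same way below the visible lines.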
18 changes: 6 additions & 12 deletions public/manageProjectRoles.php
@@ -97,12 +97,6 @@

@$registerUser = $_POST["registerUser"];

function make_seed_recoverpass()
{
list($usec, $sec) = explode(' ', microtime());
return (float) $sec + ((float) $usec * 100000);
}

// Register a user and send the email
function register_user($projectid, $email, $firstName, $lastName, $repositoryCredential)
{
@@ -142,17 +136,17 @@ function register_user($projectid, $email, $firstName, $lastName, $repositoryCre
return "<error>".$repositoryCredential." was already registered for this project under a different email address</error>";
}

// Register the user
// Create a new password
$keychars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
// Register the user
// Create a new password
$keychars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
$length = 10;

srand(make_seed_recoverpass());

$pass = "";
$max=strlen($keychars)-1;
for ($i=0;$i<=$length;$i++) {
$pass .= substr($keychars, rand(0, $max), 1);
// random_int is available in PHP 7 and the random_compat PHP 5.x
// polyfill included in the Composer package.json dependencies.
$pass .= substr($keychars, random_int(0, $max), 1);
}
$encrypted = md5($pass);

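Review bot: The generated password is still stored as `md5($pass)`, an unsalted fast hash, so the stronger generator gives little protection once the stored hashes are exposed. `$encrypted = password_hash($pass, PASSWORD_DEFAULT);` would be the replacement, but it needs `password_verify` on the login side (outside this diff) and PHP 5.5 or a polyfill, so it is probably a follow-up change rather than part of this one. The loop here also uses `$i<=$length`, which produces 11 characters for `$length = 10`. register_user continues past the end of the hunk.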
7 changes: 3 additions & 4 deletions public/register.php
@@ -108,16 +108,15 @@ function register()
$institution = pdo_real_escape_string($institution);

if ($CDASH_REGISTRATION_EMAIL_VERIFY) {
// Create a key
srand(microtime_float());

$keychars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
$length = 40;

$key = "";
$max=strlen($keychars)-1;
for ($i=0;$i<$length;$i++) {
$key .= substr($keychars, rand(0, $max), 1);
// random_int is available in PHP 7 and the random_compat PHP 5.x
// polyfill included in the Composer package.json dependencies.
$key .= substr($keychars, random_int(0, $max), 1);
}

$date = date(FMT_DATETIME);