commit 81993741e71a9bb2d0574266dbc98f00ba2f7476
parent b1018c228429d7086249fbdd95ae438de4af0638
Author: ukai <ukai>
Date: Tue, 8 Apr 2003 16:01:37 +0000
[w3m] local cookie string is too easy to guess.
* fm.h (Local_cookie): deleted
* local.c (Local_cookie): static
(writeLocalCookie): localCookie()
(setLocalCookie): deleted
(localCookie): added
* main.c (main): delete srand48(), setLocalCookie()
(adBmark): s/Local_cookie/localCookie()/
* proto.h (setLocalCookie): deleted
(localCookie): added
* rc.c (load_option_panel): s/Local_cookie/localCookie()/
From: Hironori SAKAMOTO <hsaka@mth.biglobe.ne.jp>
Diffstat:
6 files changed, 27 insertions(+), 11 deletions(-)
diff --git a/ChangeLog b/ChangeLog
@@ -1,3 +1,17 @@
+2003-04-09 Hironori SAKAMOTO <hsaka@mth.biglobe.ne.jp>
+
+ * [w3m] local cookie string is too easy to guess.
+ * fm.h (Local_cookie): deleted
+ * local.c (Local_cookie): static
+ (writeLocalCookie): localCookie()
+ (setLocalCookie): deleted
+ (localCookie): added
+ * main.c (main): delete srand48(), setLocalCookie()
+ (adBmark): s/Local_cookie/localCookie()/
+ * proto.h (setLocalCookie): deleted
+ (localCookie): added
+ * rc.c (load_option_panel): s/Local_cookie/localCookie()/
+
2003-04-08 Fumitoshi UKAI <ukai@debian.or.jp>
* [w3m-dev 03858] configure cleanup
diff --git a/fm.h b/fm.h
@@ -976,7 +976,6 @@ global char *migemo_command init(DEF_MIGEMO_COMMAND);
#endif /* USE_MIGEMO */
global struct auth_cookie *Auth_cookie init(NULL);
-global Str Local_cookie init(NULL);
#ifdef USE_COOKIE
global struct cookie *First_cookie init(NULL);
#endif /* USE_COOKIE */
diff --git a/local.c b/local.c
@@ -20,6 +20,7 @@
#define CGIFN_LIBDIR 1
#define CGIFN_CGIBIN 2
+static Str Local_cookie = NULL;
static char *Local_cookie_file = NULL;
static void
@@ -36,19 +37,24 @@ writeLocalCookie()
f = fopen(Local_cookie_file, "wb");
if (!f)
return;
+ localCookie();
fwrite(Local_cookie->ptr, sizeof(char), Local_cookie->length, f);
fclose(f);
chmod(Local_cookie_file, S_IRUSR | S_IWUSR);
}
/* setup cookie for local CGI */
-void
-setLocalCookie()
+Str
+localCookie()
{
char hostname[256];
- gethostname(hostname, 256);
- Local_cookie = Sprintf("%d.%ld@%s", CurrentPid, lrand48(), hostname);
+ if (Local_cookie)
+ return Local_cookie;
+ gethostname(hostname, 256);
+ srand48((long)New(char) + (long)time(NULL));
+ Local_cookie = Sprintf("%ld@%s", lrand48(), hostname);
+ return Local_cookie;
}
Str
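Review bot: The cookie built in `localCookie()` is still predictable: `srand48((long)New(char) + (long)time(NULL))` seeds from a heap address plus the wall-clock second, and `lrand48()` is a linear congruential generator that returns only 31 bits, so the token that appears to gate local CGI requests stays low-entropy even with the PID removed. Consider filling it from the kernel random source where one exists and keeping the current seeding only as a fallback, as sketched below. In `writeLocalCookie()`, `chmod(Local_cookie_file, S_IRUSR | S_IWUSR)` runs only after `fwrite()`, so depending on the umask and where the file lives the cookie may be briefly readable by other local users; creating the file with owner-only mode up front (`open()` with `S_IRUSR | S_IWUSR`, then `fdopen()`) would close that window. `writeLocalCookie()` starts outside this hunk.

```c
Str
localCookie()
{
    char hostname[256];
    unsigned char rnd[16];
    FILE *f;
    int i;

    if (Local_cookie)
	return Local_cookie;
    /* … unchanged: gethostname() … */
    f = fopen("/dev/urandom", "rb");
    if (f != NULL) {
	if (fread(rnd, 1, sizeof(rnd), f) == sizeof(rnd)) {
	    Local_cookie = Strnew();
	    for (i = 0; i < (int)sizeof(rnd); i++)
		Strcat(Local_cookie, Sprintf("%02x", rnd[i]));
	    Strcat(Local_cookie, Sprintf("@%s", hostname));
	}
	fclose(f);
    }
    /* … unchanged: srand48()/lrand48() path, taken only when Local_cookie is still NULL … */
```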
diff --git a/main.c b/main.c
@@ -369,8 +369,6 @@ main(int argc, char **argv, char **envp)
prepare_sys_errlist();
#endif /* not HAVE_SYS_ERRLIST */
- srand48(time(0));
-
NO_proxy_domains = newTextList();
fileToDelete = newTextList();
@@ -742,7 +740,6 @@ main(int argc, char **argv, char **envp)
#ifdef USE_COOKIE
initCookie();
#endif /* USE_COOKIE */
- setLocalCookie(); /* setup cookie for local CGI */
#ifdef USE_HISTORY
if (UseHistory)
loadHistory(URLHist);
@@ -4009,7 +4006,7 @@ adBmark(void)
FormList *request;
tmp = Sprintf("mode=panel&cookie=%s&bmark=%s&url=%s&title=%s",
- (Str_form_quote(Local_cookie))->ptr,
+ (Str_form_quote(localCookie()))->ptr,
(Str_form_quote(Strnew_charp(BookmarkFile)))->ptr,
(Str_form_quote(parsedURL2Str(&Currentbuf->currentURL)))->
ptr,
diff --git a/proto.h b/proto.h
@@ -581,7 +581,7 @@ extern char *etcFile(char *base);
extern char *auxbinFile(char *base);
extern char *libFile(char *base);
extern char *helpFile(char *base);
-extern void setLocalCookie(void);
+extern Str localCookie(void);
extern Str loadLocalDir(char *dirname);
extern void set_environ(char *var, char *value);
extern FILE *localcgi_post(char *, char *, FormList *, char *);
diff --git a/rc.c b/rc.c
@@ -1458,7 +1458,7 @@ Buffer *
load_option_panel(void)
{
Str src = Sprintf(optionpanel_src1, html_quote(w3m_version),
- html_quote(Local_cookie->ptr), CMT_HELPER);
+ html_quote(localCookie()->ptr), CMT_HELPER);
struct param_ptr *p;
struct sel_c *s;
int x, i;