From 191dd6e89fdca2108cfaf405e968a980ec6728ee Mon Sep 17 00:00:00 2001 From: Thiago Macieira Date: Mon, 12 Jun 2017 16:12:30 -0700 Subject: Change the mask generator to use QRandomGenerator instead of qs?rand This makes it secure, instead of insecure, and requires no seeding. Task-number: QTBUG-61694 Change-Id: Ia53158e207a94bf49489fffd14c782bd4ec24946 Reviewed-by: Jesus Fernandez Reviewed-by: Timur Pocheptsov --- src/websockets/qdefaultmaskgenerator_p.cpp | 18 +++++++++--------- src/websockets/qmaskgenerator.cpp | 2 +- src/websockets/qwebsocket.cpp | 4 ++-- 3 files changed, 12 insertions(+), 12 deletions(-) (limited to 'src') diff --git a/src/websockets/qdefaultmaskgenerator_p.cpp b/src/websockets/qdefaultmaskgenerator_p.cpp index 1035e8f..7dc0cee 100644 --- a/src/websockets/qdefaultmaskgenerator_p.cpp +++ b/src/websockets/qdefaultmaskgenerator_p.cpp @@ -48,7 +48,7 @@ malicious scripts to attack bad behaving proxies. For more information about the importance of good masking, see \l {"Talking to Yourself for Fun and Profit" by Lin-Shung Huang et al}. - The default mask generator uses the cryptographically insecure qrand() function. + The default mask generator uses the reasonably secure QRandomGenerator::get32() function. The best measure against attacks mentioned in the document above, is to use QWebSocket over a secure connection (\e wss://). In general, always be careful to not have 3rd party script access to @@ -58,8 +58,7 @@ */ #include "qdefaultmaskgenerator_p.h" -#include -#include +#include QT_BEGIN_NAMESPACE @@ -83,25 +82,26 @@ QDefaultMaskGenerator::~QDefaultMaskGenerator() } /*! - Seeds the QDefaultMaskGenerator using qsrand(). - When seed() is not called, no seed is used at all. - \internal */ bool QDefaultMaskGenerator::seed() Q_DECL_NOEXCEPT { - qsrand(static_cast(QDateTime::currentMSecsSinceEpoch())); return true; } /*! - Generates a new random mask using the insecure qrand() method. + Generates a new random mask using the insecure QRandomGenerator::get32() method. \internal */ quint32 QDefaultMaskGenerator::nextMask() Q_DECL_NOEXCEPT { - return quint32((double(qrand()) / RAND_MAX) * std::numeric_limits::max()); + quint32 value = QRandomGenerator::get32(); + while (Q_UNLIKELY(value == 0)) { + // a mask of zero has a special meaning + value = QRandomGenerator::get32(); + } + return value; } QT_END_NAMESPACE diff --git a/src/websockets/qmaskgenerator.cpp b/src/websockets/qmaskgenerator.cpp index 064ada2..56d1223 100644 --- a/src/websockets/qmaskgenerator.cpp +++ b/src/websockets/qmaskgenerator.cpp @@ -50,7 +50,7 @@ malicious scripts from attacking badly behaving proxies. For more information about the importance of good masking, see \l {"Talking to Yourself for Fun and Profit" by Lin-Shung Huang et al}. - By default QWebSocket uses the cryptographically insecure qrand() function. + By default QWebSocket uses the reasonably secure QRandomGenerator::get32() function. The best measure against attacks mentioned in the document above, is to use QWebSocket over a secure connection (\e wss://). In general, always be careful to not have 3rd party script access to diff --git a/src/websockets/qwebsocket.cpp b/src/websockets/qwebsocket.cpp index ba343e4..30bb39d 100644 --- a/src/websockets/qwebsocket.cpp +++ b/src/websockets/qwebsocket.cpp @@ -63,8 +63,8 @@ In that case, non-secure WebSocket connections fail. The best way to mitigate against this problem is to use WebSocket over a secure connection. - \warning To generate masks, this implementation of WebSockets uses the cryptographically - insecure qrand() function. + \warning To generate masks, this implementation of WebSockets uses the reasonably + secure QRandomGenerator::get32() function. For more information about the importance of good masking, see \l {"Talking to Yourself for Fun and Profit" by Lin-Shung Huang et al}. The best measure against attacks mentioned in the document above, -- cgit v1.2.1