author | Max Kanat-Alexander <mkanat@bugzilla.org> | 2011-01-24 22:43:38 +0100 |
---|---|---|
committer | Max Kanat-Alexander <mkanat@bugzilla.org> | 2011-01-24 22:43:38 +0100 |
commit | 95b919c0b6b731d16e92dd748e654cefeba0bd32 (patch) | |
tree | 254f2da4d90de25ae6700464f5e6705f8be8a98e /mod_perl.pl | |
parent | ad1e3aef99b806d7f4a5bd18aa0c8cc6102f62e6 (diff) | |
Bug 619594: (CVE-2010-4568) [SECURITY] Improve the randomness of
generate_random_password, to protect against an account compromise issue
and other critical vulnerabilities.
r=LpSolit, a=LpSolit
https://bugzilla.mozilla.org/show_bug.cgi?id=621591
Diffstat (limited to 'mod_perl.pl')
-rw-r--r-- | mod_perl.pl | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/mod_perl.pl b/mod_perl.pl index 3551abdaf..0c7caf173 100644 --- a/mod_perl.pl +++ b/mod_perl.pl @@ -37,6 +37,7 @@ use lib Bugzilla::Constants::bz_locations()->{'ext_libpath'}; use Apache2::ServerUtil; use ModPerl::RegistryLoader (); use File::Basename (); +use Math::Random::Secure; # This loads most of our modules. use Bugzilla (); @@ -60,8 +61,12 @@ my $cgi_path = Bugzilla::Constants::bz_locations()->{'cgi_path'}; # Set up the configuration for the web server my $server = Apache2::ServerUtil->server; my $conf = <<EOT; -# Make sure each httpd child receives a different random seed (bug 476622) -PerlChildInitHandler "sub { srand(); }" +# Make sure each httpd child receives a different random seed (bug 476622). +# Math::Random::Secure has one srand that needs to be called for +# every process, and Perl has another. (Various Perl modules still use +# the built-in rand(), even though we only use Math::Random::Secure in +# Bugzilla itself, so we need to srand() both of them.) +PerlChildInitHandler "sub { Math::Random::Secure::srand(); srand(); }" <Directory "$cgi_path"> AddHandler perl-script .cgi # No need to PerlModule these because they're already defined in mod_perl.pl |
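Review bot: The `use Math::Random::Secure;` added in the first hunk (@@ -37,6 +37,7 @@) is an unconditional compile-time load, so mod_perl startup will now die if the module is not installed. This diff is limited to mod_perl.pl, so it does not show whether the module was also added to the required-modules check; please confirm it is listed as a hard requirement there, so that administrators see a clear missing-dependency message instead of an Apache startup failure.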
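Review bot: In the second hunk (@@ -60,8 +61,12 @@), the new comment still cites only bug 476622 while the handler now has a security role. Consider referencing bug 619594 next to `Math::Random::Secure::srand();` so that a later cleanup does not drop that call as a duplicate of the built-in `srand()`. The comment also acknowledges that other Perl modules still use the built-in `rand()`; it would help to state there that the retained `srand()` only keeps those modules' output from repeating across httpd children, and that values needing unpredictability must come from Math::Random::Secure.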