From 95b919c0b6b731d16e92dd748e654cefeba0bd32 Mon Sep 17 00:00:00 2001
From: Max Kanat-Alexander
Date: Mon, 24 Jan 2011 13:43:38 -0800
Subject: Bug 619594: (CVE-2010-4568) [SECURITY] Improve the randomness of generate_random_password, to protect against an account compromise issue and other critical vulnerabilities. r=LpSolit, a=LpSolit https://bugzilla.mozilla.org/show_bug.cgi?id=621591
---
 Bugzilla/Util.pm | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
(limited to 'Bugzilla/Util.pm')
diff --git a/Bugzilla/Util.pm b/Bugzilla/Util.pm
index 457eb7d02..f9e8d12f7 100644
--- a/Bugzilla/Util.pm
+++ b/Bugzilla/Util.pm
@@ -54,6 +54,7 @@ use DateTime::TimeZone;
 use Digest;
 use Email::Address;
 use List::Util qw(first);
+use Math::Random::Secure qw(irand);
 use Scalar::Util qw(tainted);
 use Template::Filters;
 use Text::Wrap;
@@ -535,9 +536,15 @@ sub bz_crypt {
 return $crypted_password;
 }
+# If you want to understand the security of strings generated by this
+# function, here's a quick formula that will help you estimate:
+# We pick from 62 characters, which is close to 64, which is 2^6.
+# So 8 characters is (2^6)^8 == 2^48 combinations. Just multiply 6
+# by the number of characters you generate, and that gets you the equivalent
+# strength of the string in bits.
 sub generate_random_password {
 my $size = shift || 10; # default to 10 chars if nothing specified
- return join("", map{ ('0'..'9','a'..'z','A'..'Z')[rand 62] } (1..$size));
+ return join("", map{ ('0'..'9','a'..'z','A'..'Z')[irand 62] } (1..$size));
 }
 sub validate_email_syntax {
-- 
cgit v1.2.3-24-g4f1b
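Review bot: The added `use Math::Random::Secure qw(irand);` makes that CPAN module a load-time requirement of Bugzilla::Util, and because this view is limited to Util.pm, nothing visible here shows the installer's required-module list being updated to match. If that update is not part of the same series, every script that loads Bugzilla::Util would fail to compile after an upgrade. Since the fix relies on how the module seeds itself, the requirement entry should also state a minimum version. A one-line comment beside the import, `# cryptographically secure replacement for rand(); do not swap back to the built-in`, would keep the reason visible to later maintainers.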
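Review bot: In generate_random_password the literal `62` passed to `irand` is tied by hand to the inline character list, so a later change to the alphabet would either leave characters unreachable or index past the end of the list and shorten the result. Naming the list once, `my @chars = ('0'..'9','a'..'z','A'..'Z');`, and indexing with `$chars[irand(scalar @chars)]` keeps the two in step and avoids rebuilding the list for every character. The new comment also rounds up: 62 symbols give about 5.95 bits each, so the default of 10 characters is a little under 60 bits. Because `shift || 10` accepts any smaller size, it would help to add `# callers generating tokens or passwords should not pass a size below the default`, adjusted to whatever minimum the project intends. The function lies entirely within the hunk.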