From 4e85b11eb11c630bd02a980ee18b2477341dd78e Mon Sep 17 00:00:00 2001
From: Ray Strode <rstrode@redhat.com>
Date: Fri, 30 Nov 2007 22:13:21 +0000
Subject: Ensure second and subsequent auth cookies are random. Spotted by
 George

2007-11-30  Ray Strode  <rstrode@redhat.com>

	Ensure second and subsequent auth cookies are
	random.  Spotted by George Lebl.

	* common/gdm-common.[ch] (gdm_generate_random_bytes):
	open /dev/urandom and read size bytes from it.
	(_fd_is_character_device): check if fd points to char
        device
	(_read_bytes): the usual loop until all bytes are read
	helper function for read().

	* daemon/gdm-display-access-file.c
	(generate_random_bytes): remove function
	(gdm_display_access_file_add_display):
	use gdm_generate_random_bytes instead of
	_generate_random_bytes

svn path=/trunk/; revision=5534
---
 daemon/gdm-display-access-file.c | 31 ++++++++++---------------------
 1 file changed, 10 insertions(+), 21 deletions(-)

(limited to 'daemon/gdm-display-access-file.c')

diff --git a/daemon/gdm-display-access-file.c b/daemon/gdm-display-access-file.c
index 0cc0edb3..08875682 100644
--- a/daemon/gdm-display-access-file.c
+++ b/daemon/gdm-display-access-file.c
@@ -36,6 +36,7 @@
 #include <X11/Xauth.h>
 
 #include "gdm-display-access-file.h"
+#include "gdm-common.h"
 
 struct _GdmDisplayAccessFilePrivate
 {
@@ -298,25 +299,6 @@ gdm_display_access_file_open (GdmDisplayAccessFile  *file,
         return TRUE;
 }
 
-static char *
-_generate_random_bytes (gsize size)
-{
-        char *bytes;
-        int i;
-
-        bytes = g_malloc (size);
-
-        for (i = 0; i < size; i++) {
-                guint8 byte;
-
-                byte = (guint8) g_random_int_range (0, G_MAXUINT8);
-
-                bytes[i] = (char) byte;
-        }
-
-        return bytes;
-}
-
 static void
 _get_auth_info_for_display (GdmDisplayAccessFile *file,
                             GdmDisplay           *display,
@@ -364,10 +346,17 @@ gdm_display_access_file_add_display (GdmDisplayAccessFile  *file,
         g_return_val_if_fail (file->priv->path != NULL, FALSE);
         g_return_val_if_fail (cookie != NULL, FALSE);
 
-        *cookie = _generate_random_bytes (GDM_DISPLAY_ACCESS_COOKIE_SIZE);
+        add_error = NULL;
+        *cookie = gdm_generate_random_bytes (GDM_DISPLAY_ACCESS_COOKIE_SIZE,
+                                             &add_error);
+
+        if (*cookie == NULL) {
+                g_propagate_error (error, add_error);
+                return FALSE;
+        }
+
         *cookie_size = GDM_DISPLAY_ACCESS_COOKIE_SIZE;
 
-        add_error = NULL;
         display_added = gdm_display_access_file_add_display_with_cookie (file, display,
                                                                          *cookie,
                                                                          *cookie_size,
-- 
cgit v1.2.1