[JDEV] Still another patch ... (seed the rand() function)

Matthias Wimmer m at tthias.net
Sat Oct 11 18:11:00 CDT 2003


Hi!

Sorry to flood this mailing list this weekend. ;-) This is another patch
for jadc2s.

jadc2s uses the rand() function to generate ids for the digest
authentication but never seeds the rand() function. The result is that
with every restart of jadc2s it generates the same sequence of ids
again. This is very bad behavior, especially on servers with less load.
An attacker could take over an account if he is able to sniff
connections and if he is able to crash jadc2s (or jadc2s is restarted
regularly). He can just sniff which id was sent to the client and what
the client sent back as response. Afterwards he crashes jadc2s or waits
for another restart. Then he just has to wait for the right moment
where the server will generate this key again (counting the logins),
connect to it and he will be successfully able to authenticate as the
other user. By changing the password he has taken over the account.

The fix is to just seed the rand() function at startup of jadc2s with
the current time that will be different for every restart. (But using
rand() to generate the digest ids still isn't a very strong
implementation.)


See you
    Matthias

--- jadc2s.c	2003-10-10 11:05:45.000000000 +0200
+++ jadc2s-srand.c	2003-10-12 00:53:41.000000000 +0200
@@ -200,6 +200,9 @@
         return 1;
     }
 
+    /* seed the rand() function */
+    srand(time(NULL));
+
     /* start logging */
     c2s->log = log_new("jadc2s");
     log_write(c2s->log, LOG_NOTICE, "starting up");
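
Review bot: at the added `srand(time(NULL));` line the seed is the startup time in whole seconds, so anyone who can observe or estimate when jadc2s restarted can narrow the seed to a small range and reproduce the id sequence; the message itself says rand() is still not a strong choice for the digest ids. Suggest seeding from an OS entropy source (for example bytes read from /dev/urandom), or better, generating the digest ids directly from that source instead of rand(). Also confirm that <time.h> is included in jadc2s.c, since the hunk does not show the include list, and make the conversion explicit with `srand((unsigned int)time(NULL));`.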

-- 
For kibibytes see:
http://www.iec.ch/online_news/etech/arch_2003/etech_0503/focus.htm
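
The weakness described in the message above, as an added example that is not part of the original post and is not jadc2s code: the same seed (including the implicit seed of 1 when srand() is never called, or two restarts within the same second under a time seed) yields the same ids, while ids drawn from the kernel's random source do not repeat. The function names are hypothetical and a Unix-like system with /dev/urandom is assumed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define ID_COUNT 4

/* Constructed stand-in for an id generator built on rand(). */
static void weak_ids(unsigned int seed, int out[ID_COUNT])
{
    srand(seed);
    for (int i = 0; i < ID_COUNT; i++)
        out[i] = rand();
}

/* Returns 1 when two simulated restarts with the same seed issue the
 * same ids. Seed 1 models a process that never calls srand(). */
int same_seed_repeats(unsigned int seed)
{
    int a[ID_COUNT], b[ID_COUNT];
    weak_ids(seed, a);
    weak_ids(seed, b);
    return memcmp(a, b, sizeof a) == 0;
}

/* Fill buf from the kernel random source (assumed: /dev/urandom).
 * Returns 0 on success, -1 on failure; on failure issue no id at all. */
int csprng_bytes(unsigned char *buf, size_t len)
{
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL)
        return -1;
    size_t got = fread(buf, 1, len, f);
    fclose(f);
    return got == len ? 0 : -1;
}

/* Write a 128-bit random id as 32 hex characters plus NUL into out. */
int new_digest_id(char out[33])
{
    unsigned char raw[16];
    if (csprng_bytes(raw, sizeof raw) != 0)
        return -1;
    for (size_t i = 0; i < sizeof raw; i++)
        sprintf(out + 2 * i, "%02x", raw[i]);
    return 0;
}
```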