a
/
badguardhome
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge branch 'auth-gosec-rand-ignore' of git://github.com/dsheets/AdGuardHome into dsheets-auth-gosec-rand-ignore

This commit is contained in:
Andrey Meshkov 2020-09-08 15:24:38 +03:00
parent c5ca2e60c6 9e87f0afed
commit 3c2481f91d
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
home/auth.go
View File

@ -276,7 +276,11 @@ type loginJSON struct {
}
func getSession(u *User) []byte {
d := []byte(fmt.Sprintf("%d%s%s", rand.Uint32(), u.Name, u.PasswordHash))
// the developers don't currently believe that using a
// non-cryptographic RNG for the session hash salt is
// insecure
salt := rand.Uint32() //nolint:gosec
d := []byte(fmt.Sprintf("%d%s%s", salt, u.Name, u.PasswordHash))
hash := sha256.Sum256(d)
return hash[:]
}