#31967: BridgeDB Server uses insecure pseudorandom generator for selecting cached captcha
------------------------------------+-----------------------------------
Reporter: willbarr | Owner: (none)
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Circumvention/BridgeDB | Version: sbws: unspecified
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
------------------------------------+-----------------------------------
Comment (by agix):
Subject: [PATCH] Fix for #31967. Changed pseudo-random generator to
random.SystemRandom.choice()
---
bridgedb/captcha.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/bridgedb/captcha.py b/bridgedb/captcha.py
index b66972c..485974b 100644
--- a/bridgedb/captcha.py
+++ b/bridgedb/captcha.py
@@ -386,7 +386,7 @@ class GimpCaptcha(Captcha):
and a challenge string (used for checking the client's solution).
"""
try:
imageFilename = random.choice(os.listdir(self.cacheDir))
+ imageFilename = random.SystemRandom().choice(os.listdir(self.cacheDir))
imagePath = os.path.join(self.cacheDir, imageFilename)
with open(imagePath) as imageFile:
self.image = imageFile.read()
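Review bot: The added `imageFilename = random.SystemRandom().choice(os.listdir(self.cacheDir))` line constructs a fresh `random.SystemRandom` object on every CAPTCHA request. Consider creating one instance at module level and calling its `choice()` here, so that other security-relevant selections in captcha.py can share the same OS-backed source and a later reader cannot mistake this for the default Mersenne Twister `random.choice`. Two smaller points: `choice()` raises IndexError when `os.listdir(self.cacheDir)` returns an empty list, and the handler for this `try:` is not visible in the hunk, so please confirm an empty cache directory is caught there. The commit message should also state why the default generator is unsuitable here (its output is predictable), not only what was changed.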
--
2.17.1
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/31967#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs