[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [bridgedb/develop] Fixed the insecure pseudorandom generator for selecting captcha

To: tor-commits@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-commits] [bridgedb/develop] Fixed the insecure pseudorandom generator for selecting captcha
From: phw@xxxxxxxxxxxxxx
Date: Tue, 24 Mar 2020 16:41:37 +0000 (UTC)
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 24 Mar 2020 12:41:46 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-commits/>
List-help: <mailto:tor-commits-request@lists.torproject.org?subject=help>
List-id: "auto: code repository commits" <tor-commits.lists.torproject.org>
List-post: <mailto:tor-commits@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=unsubscribe>
Patch-author: agix <columbeff@xxxxxxxxx>
Sender: "tor-commits" <tor-commits-bounces@xxxxxxxxxxxxxxxxxxxx>

commit cd10f409d91b5a9bbaaa319a196a71f1d4686612
Author: agix <columbeff@xxxxxxxxx>
Date:   Tue Mar 24 15:11:08 2020 +0100

    Fixed the insecure pseudorandom generator for selecting captcha
    
    Signed-off-by: Philipp Winter <phw@xxxxxxxxx>
---
 bridgedb/captcha.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/bridgedb/captcha.py b/bridgedb/captcha.py
index 2bdf6b9..adc1c46 100644
--- a/bridgedb/captcha.py
+++ b/bridgedb/captcha.py
@@ -389,7 +389,7 @@ class GimpCaptcha(Captcha):
             and a challenge string (used for checking the client's solution).
         """
         try:
-            imageFilename = random.choice(os.listdir(self.cacheDir))
+            imageFilename = random.SystemRandom().choice(os.listdir(self.cacheDir))
             imagePath = os.path.join(self.cacheDir, imageFilename)
             with open(imagePath, 'rb') as imageFile:
                 self.image = imageFile.read()



_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

Prev by Author: [tor-commits] [bridgedb/develop] Merge branch 'defect/31967' into develop
Next by Author: [tor-commits] [bridgedb/develop] Add CHANGELOG entry for #31967.
Previous by thread: [tor-commits] [torbutton/master] Bug 33482: Update about:tor donate string
Next by thread: [tor-commits] [bridgedb/develop] Add CHANGELOG entry for #31967.
Index(es):
- Author
- Thread