loolwsd/ChildSession.cpp | 2 +-
loolwsd/Util.cpp | 30 +++++++++++++++++++++---------
2 files changed, 22 insertions(+), 10 deletions(-)
New commits: commit 8f3dcbcfb68393e3768f570c13598c3edf575dc3 Author: Ashod Nakashian <ashod.nakash...@collabora.co.uk> Date: Mon May 30 20:42:44 2016 -0400 loolwsd: more secure random directories Util::createRandomDirectory now uses /dev/urandom (and a complex pseudo-random generator where missing) to generate 64-byte long, Base64-encoded, names. This should provide ample security compared to 64-bit pseudo-random numbers hex-encoded, as was the case. Change-Id: I714810a9fb03b5dcdbad7a15305940bf7457149e Reviewed-on: https://gerrit.libreoffice.org/25696 Reviewed-by: Ashod Nakashian <ashnak...@gmail.com> Tested-by: Ashod Nakashian <ashnak...@gmail.com> diff --git a/loolwsd/ChildSession.cpp b/loolwsd/ChildSession.cpp index 59f96f7..e102405 100644 --- a/loolwsd/ChildSession.cpp +++ b/loolwsd/ChildSession.cpp @@ -787,12 +787,12 @@ bool ChildSession::downloadAs(const char* /*buffer*/, int /*length*/, StringToke } } + // The file is removed upon downloading. const auto tmpDir = Util::createRandomDir(JAILED_DOCUMENT_ROOT); const auto url = JAILED_DOCUMENT_ROOT + tmpDir + "/" + name; std::unique_lock<std::recursive_mutex> lock(Mutex); - //TODO: Cleanup the file after downloading. _loKitDocument->saveAs(url.c_str(), format.size() == 0 ? nullptr :format.c_str(), filterOptions.size() == 0 ? nullptr : filterOptions.c_str()); diff --git a/loolwsd/Util.cpp b/loolwsd/Util.cpp index 5c5ffe9..4e11d38 100644 --- a/loolwsd/Util.cpp +++ b/loolwsd/Util.cpp @@ -28,11 +28,13 @@ #include <sstream> #include <string> +#include <Poco/Base64Encoder.h> #include <Poco/ConsoleChannel.h> #include <Poco/Exception.h> #include <Poco/Format.h> #include <Poco/Net/WebSocket.h> #include <Poco/Process.h> +#include <Poco/RandomStream.h> #include <Poco/TemporaryFile.h> #include <Poco/Thread.h> #include <Poco/Timestamp.h> 
@@ -49,6 +51,7 @@ namespace rng { static std::random_device _rd; static std::mutex _rngMutex; + static Poco::RandomBuf _randBuf; // Create the prng with a random-device for seed. // If we don't have a hardware random-device, we will get the same seed. @@ -70,6 +73,21 @@ namespace rng std::unique_lock<std::mutex> lock(_rngMutex); return _rng(); } + + std::vector<char> getBytes(const size_t length) + { + std::vector<char> v(length); + _randBuf.readFromDevice(v.data(), v.size()); + return v; + } + + std::string getString(const size_t length) + { + std::stringstream ss; + Poco::Base64Encoder b64(ss); + b64 << getBytes(length).data(); + return ss.str().substr(0, length); + } } } @@ -94,15 +112,9 @@ namespace Util std::string createRandomDir(const std::string& path) { Poco::File(path).createDirectories(); - for (;;) - { - const auto name = Util::encodeId(rng::getNext()); - Poco::File dir(Poco::Path(path, name)); - if (dir.createDirectory()) - { - return name; - } - } + const auto name = rng::getString(64); + Poco::File(Poco::Path(path, name)).createDirectories(); + return name; } std::string getTempFilePath(const std::string srcDir, const std::string& srcFilename) _______________________________________________ Libreoffice-commits mailing list libreoffice-comm...@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
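Review bot: In the new rng::getString, `b64 << getBytes(length).data();` streams the random buffer as a C string, so encoding stops at the first zero byte and, when the buffer holds no zero byte, reads past the end of the vector. The resulting name can be much shorter than `length`, or empty, which undoes the entropy gain the commit is after. The encoder is also never closed before `ss.str()`, so its last group may not be flushed, and standard Base64 output can contain `/`, which `Poco::Path(path, name)` would presumably treat as a separator (for larger `length` values the encoder's line wrapping would likely end up in the name as well). Write the bytes with an explicit length, close the encoder and map the path-unsafe character, as sketched below. getBytes also ignores the return value of `readFromDevice`, which should be checked.

```cpp
// … unchanged: getBytes …
std::string getString(const size_t length)
{
    const auto bytes = getBytes(length);
    std::stringstream ss;
    Poco::Base64Encoder b64(ss);
    // Explicit length: random data may contain zero bytes and is not NUL-terminated.
    b64.write(bytes.data(), bytes.size());
    b64.close(); // flush the last, possibly partial, group
    auto name = ss.str().substr(0, length);
    for (auto& c : name)
    {
        // '/' would turn one name into nested directories.
        if (c == '/')
            c = '_';
    }
    return name;
}
```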
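Review bot: createRandomDir no longer notices when the directory already exists: the removed loop retried until `dir.createDirectory()` returned true, whereas the new `createDirectories()` call has no result that is checked and, as far as I know, succeeds silently on an existing path. If rng::getString ever yields a short, repeated or empty name, two callers end up sharing one directory, and an empty name resolves to `path` itself. Keep the exclusive-create check with the new name source, e.g. `if (!name.empty() && Poco::File(Poco::Path(path, name)).createDirectory()) return name;` inside the original `for (;;)` loop.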