From e8e8d3caf5562bf3093239150d3596271230a19d Mon Sep 17 00:00:00 2001
From: Brendan Coles
Date: Tue, 22 Dec 2020 20:58:40 +0000
Subject: [PATCH] LibC: __generate_unique_filename(): Replace rand() with arc4random()

LibC stdlib `arc4random()` uses the `getrandom` system call which uses `KernelRng::get_good_random_bytes`. This ensures that filenames generated using functions such as `mkstemp()` are suitably randomised and are no longer predictable.
---
 Libraries/LibC/stdlib.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Libraries/LibC/stdlib.cpp b/Libraries/LibC/stdlib.cpp
index c24f7f878f..edaa1e5ee5 100644
--- a/Libraries/LibC/stdlib.cpp
+++ b/Libraries/LibC/stdlib.cpp
@@ -186,7 +186,7 @@ __attribute__((warn_unused_result)) int __generate_unique_filename(char* pattern
 for (int attempt = 0; attempt < 100; ++attempt) {
 for (int i = 0; i < 6; ++i)
- pattern[start + i] = random_characters[(rand() % (sizeof(random_characters) - 1))];
+ pattern[start + i] = random_characters[(arc4random() % (sizeof(random_characters) - 1))];
 struct stat st;
 int rc = lstat(pattern, &st);
 if (rc < 0 && errno == ENOENT)
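Review bot: The `lstat()` probe that follows the changed line is only a check, not a reservation, so an unpredictable name narrows the window for a pre-planted file or symlink but does not close it; the guarantee has to come from the caller creating the file with `O_CREAT | O_EXCL` and retrying on `EEXIST`, which is not visible in this hunk. I would add a comment above the attempt loop saying so, e.g. `// The lstat() check is advisory; callers must create the file with O_CREAT | O_EXCL.` Separately, `arc4random() % (sizeof(random_characters) - 1)` carries a small modulo bias unless the alphabet size divides 2^32; `arc4random_uniform(sizeof(random_characters) - 1)` avoids it if this LibC provides that function. The body of `__generate_unique_filename` starts and ends outside the hunk.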