Merge branch 'dsheets-auth-gosec-rand-ignore'

Andrey Meshkov 2020-09-08 15:25:09 +03:00
commit 22d0341a4c
1 changed files with 5 additions and 1 deletions


@ -276,7 +276,11 @@ type loginJSON struct {
}
func getSession(u *User) []byte {
d := []byte(fmt.Sprintf("%d%s%s", rand.Uint32(), u.Name, u.PasswordHash))
// the developers don't currently believe that using a
// non-cryptographic RNG for the session hash salt is
// insecure
salt := rand.Uint32() //nolint:gosec
d := []byte(fmt.Sprintf("%d%s%s", salt, u.Name, u.PasswordHash))
hash := sha256.Sum256(d)
return hash[:]
}
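Review bot: The `//nolint:gosec` on `salt := rand.Uint32()` in getSession silences the linter but leaves the weakness in place: the session value is SHA-256 over a 32-bit `math/rand` number plus `u.Name` and `u.PasswordHash`, so its unpredictability rests entirely on the password hash staying secret. If the global `math/rand` source is not seeded elsewhere (not visible in this hunk), the salt sequence may also repeat across restarts, depending on the Go version. Drawing the salt from `crypto/rand` would make the suppression unnecessary, for example `salt := make([]byte, 16)` filled with `crypto/rand`'s `Read` and formatted with `%x` in place of `%d`. If the suppression stays, the comment should name the assumption it relies on, such as `// salt only varies the hash; unpredictability comes from u.PasswordHash, which must stay secret`. The `"%d%s%s"` format also joins the three fields without a delimiter, so a separator between them would keep the hashed input unambiguous.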