home/auth: disable non-crypto RNG gosec lint check for session salt

Fixes #2078.
David Sheets 2020-09-07 10:04:31 +01:00
parent 8dc0108868
commit 9e87f0afed
1 changed files with 5 additions and 1 deletions


@ -276,7 +276,11 @@ type loginJSON struct {
} }
func getSession(u *User) []byte { func getSession(u *User) []byte {
d := []byte(fmt.Sprintf("%d%s%s", rand.Uint32(), u.Name, u.PasswordHash)) // the developers don't currently believe that using a
// non-cryptographic RNG for the session hash salt is
// insecure
salt := rand.Uint32() //nolint:gosec
d := []byte(fmt.Sprintf("%d%s%s", salt, u.Name, u.PasswordHash))
hash := sha256.Sum256(d) hash := sha256.Sum256(d)
return hash[:] return hash[:]
} }
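Review bot: The `//nolint:gosec` on `salt := rand.Uint32()` in getSession silences the finding, but the session value's only per-login input is still 32 bits from what appears to be math/rand (inferred from the suppression; the import is outside the hunk). The other inputs to `sha256.Sum256`, u.Name and u.PasswordHash, are fixed per user, so the token's unpredictability depends on the password hash staying secret, and the undelimited `"%d%s%s"` format lets different salt/name pairs produce the same input bytes. I would drop the suppression and take the salt from crypto/rand, for example `var salt [16]byte` filled with `Read(salt[:])` and formatted as `"%x|%s|%s"`. If the suppression stays, the comment should record the reasoning rather than the belief and be limited to the one rule, e.g. `//nolint:gosec // G404: token secrecy relies on u.PasswordHash, not on this salt`.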