From 25999cbbc8c0d9d2803105dcc42199bd8a10b57d Mon Sep 17 00:00:00 2001 From: Fumitoshi UKAI Date: Tue, 8 Apr 2003 16:01:37 +0000 Subject: [w3m] local cookie string is too easy to guess. * fm.h (Local_cookie): deleted * local.c (Local_cookie): static (writeLocalCookie): localCookie() (setLocalCookie): deleted (localCookie): added * main.c (main): delete srand48(), setLocalCookie() (adBmark): s/Local_cookie/localCookie()/ * proto.h (setLocalCookie): deleted (localCookie): added * rc.c (load_option_panel): s/Local_cookie/localCookie()/ From: Hironori SAKAMOTO --- ChangeLog | 16 +++++++++++++++- fm.h | 3 +-- local.c | 16 +++++++++++----- main.c | 7 ++----- proto.h | 4 ++-- rc.c | 4 ++-- 6 files changed, 33 insertions(+), 17 deletions(-) diff --git a/ChangeLog b/ChangeLog index 64160c7..f362c07 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,17 @@ +2003-04-09 Hironori SAKAMOTO + + * [w3m] local cookie string is too easy to guess. + * fm.h (Local_cookie): deleted + * local.c (Local_cookie): static + (writeLocalCookie): localCookie() + (setLocalCookie): deleted + (localCookie): added + * main.c (main): delete srand48(), setLocalCookie() + (adBmark): s/Local_cookie/localCookie()/ + * proto.h (setLocalCookie): deleted + (localCookie): added + * rc.c (load_option_panel): s/Local_cookie/localCookie()/ + 2003-04-08 Fumitoshi UKAI * [w3m-dev 03858] configure cleanup @@ -7690,4 +7704,4 @@ a * [w3m-dev 03276] compile error on EWS4800 * release-0-2-1 * import w3m-0.2.1 -$Id: ChangeLog,v 1.816 2003/04/07 16:39:23 ukai Exp $ +$Id: ChangeLog,v 1.817 2003/04/08 16:01:37 ukai Exp $ diff --git a/fm.h b/fm.h index 2544a2d..e4c35bb 100644 --- a/fm.h +++ b/fm.h @@ -1,4 +1,4 @@ -/* $Id: fm.h,v 1.115 2003/04/07 16:27:10 ukai Exp $ */ +/* $Id: fm.h,v 1.116 2003/04/08 16:01:38 ukai Exp $ */ /* * w3m: WWW wo Miru utility * 
@@ -976,7 +976,6 @@ global char *migemo_command init(DEF_MIGEMO_COMMAND); #endif /* USE_MIGEMO */ global struct auth_cookie *Auth_cookie init(NULL); -global Str Local_cookie init(NULL); #ifdef USE_COOKIE global struct cookie *First_cookie init(NULL); #endif /* USE_COOKIE */ diff --git a/local.c b/local.c index 9d11f61..69a31ba 100644 --- a/local.c +++ b/local.c @@ -1,4 +1,4 @@ -/* $Id: local.c,v 1.28 2003/02/08 18:23:53 ukai Exp $ */ +/* $Id: local.c,v 1.29 2003/04/08 16:01:39 ukai Exp $ */ #include "fm.h" #include #include @@ -20,6 +20,7 @@ #define CGIFN_LIBDIR 1 #define CGIFN_CGIBIN 2 +static Str Local_cookie = NULL; static char *Local_cookie_file = NULL; static void @@ -36,19 +37,24 @@ writeLocalCookie() f = fopen(Local_cookie_file, "wb"); if (!f) return; + localCookie(); fwrite(Local_cookie->ptr, sizeof(char), Local_cookie->length, f); fclose(f); chmod(Local_cookie_file, S_IRUSR | S_IWUSR); } /* setup cookie for local CGI */ -void -setLocalCookie() +Str +localCookie() { char hostname[256]; - gethostname(hostname, 256); - Local_cookie = Sprintf("%d.%ld@%s", CurrentPid, lrand48(), hostname); + if (Local_cookie) + return Local_cookie; + gethostname(hostname, 256); + srand48((long)New(char) + (long)time(NULL)); + Local_cookie = Sprintf("%ld@%s", lrand48(), hostname); + return Local_cookie; } Str diff --git a/main.c b/main.c index 7b26a21..fa5a00b 100644 --- a/main.c +++ b/main.c @@ -1,4 +1,4 @@ -/* $Id: main.c,v 1.221 2003/04/07 15:24:01 ukai Exp $ */ +/* $Id: main.c,v 1.222 2003/04/08 16:01:39 ukai Exp $ */ #define MAINPROGRAM #include "fm.h" #include @@ -369,8 +369,6 @@ main(int argc, char **argv, char **envp) prepare_sys_errlist(); #endif /* not HAVE_SYS_ERRLIST */ - srand48(time(0)); - NO_proxy_domains = newTextList(); fileToDelete = newTextList(); 
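Review bot: The value built in `localCookie()` is still a single `lrand48()` result (at most 31 bits from a linear congruential generator) seeded with an allocation address plus `time(NULL)`, so the cookie that authorises local CGI requests remains predictable in principle even with the PID removed. It should be drawn from the operating system's random source where one exists, keeping the `srand48()` path only as a fallback, as sketched below. `gethostname(hostname, 256)` is also unchecked and may leave the buffer unterminated on truncation; `hostname[sizeof(hostname) - 1] = '\0';` after the call covers that. In `writeLocalCookie()`, whose start lies outside this hunk, the file is written before `chmod()` narrows its mode, so unless it was created restrictively earlier the cookie may be briefly readable under the default umask; creating it with `open()` using `O_CREAT | O_EXCL` and mode `S_IRUSR | S_IWUSR`, then `fdopen()`, would avoid that.

```c
Str
localCookie()
{
    char hostname[256];
    unsigned char rnd[16];
    size_t got = 0;
    FILE *rf;
    int i;

    if (Local_cookie)
        return Local_cookie;
    /* … unchanged: gethostname() call … */
    hostname[sizeof(hostname) - 1] = '\0';
    /* prefer the kernel's random source; the path is platform-dependent */
    rf = fopen("/dev/urandom", "rb");
    if (rf) {
        got = fread(rnd, 1, sizeof(rnd), rf);
        fclose(rf);
    }
    if (got == sizeof(rnd)) {
        Local_cookie = Strnew();
        for (i = 0; i < (int)sizeof(rnd); i++)
            Strcat(Local_cookie, Sprintf("%02x", rnd[i]));
        Strcat(Local_cookie, Sprintf("@%s", hostname));
    }
    else {
        /* … unchanged: srand48()/lrand48() fallback … */
    }
    return Local_cookie;
}
```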
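Review bot: Removing `srand48(time(0))` from `main()` leaves the process-wide generator unseeded until `localCookie()` first runs, so any other caller of `lrand48()` or `drand48()` would get the default sequence before that point. No such caller is visible in this diff, so it is worth a grep across the tree before merging. If one exists, either keep a seed here or give the cookie its own generator state with `nrand48()` so that `localCookie()` does not reseed shared state as a side effect. The body of `main()` continues outside this hunk.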
@@ -742,7 +740,6 @@ main(int argc, char **argv, char **envp) #ifdef USE_COOKIE initCookie(); #endif /* USE_COOKIE */ - setLocalCookie(); /* setup cookie for local CGI */ #ifdef USE_HISTORY if (UseHistory) loadHistory(URLHist); @@ -4009,7 +4006,7 @@ adBmark(void) FormList *request; tmp = Sprintf("mode=panel&cookie=%s&bmark=%s&url=%s&title=%s", - (Str_form_quote(Local_cookie))->ptr, + (Str_form_quote(localCookie()))->ptr, (Str_form_quote(Strnew_charp(BookmarkFile)))->ptr, (Str_form_quote(parsedURL2Str(&Currentbuf->currentURL)))-> ptr, diff --git a/proto.h b/proto.h index 30487b0..6c51ed5 100644 --- a/proto.h +++ b/proto.h @@ -1,4 +1,4 @@ -/* $Id: proto.h,v 1.91 2003/02/18 15:43:25 ukai Exp $ */ +/* $Id: proto.h,v 1.92 2003/04/08 16:01:40 ukai Exp $ */ /* * This file was automatically generated by version 1.7 of cextract. * Manual editing not recommended. @@ -581,7 +581,7 @@ extern char *etcFile(char *base); extern char *auxbinFile(char *base); extern char *libFile(char *base); extern char *helpFile(char *base); -extern void setLocalCookie(void); +extern Str localCookie(void); extern Str loadLocalDir(char *dirname); extern void set_environ(char *var, char *value); extern FILE *localcgi_post(char *, char *, FormList *, char *); diff --git a/rc.c b/rc.c index 537331b..d9eed46 100644 --- a/rc.c +++ b/rc.c @@ -1,4 +1,4 @@ -/* $Id: rc.c,v 1.83 2003/04/06 16:27:54 ukai Exp $ */ +/* $Id: rc.c,v 1.84 2003/04/08 16:01:40 ukai Exp $ */ /* * Initialization file etc. */ @@ -1458,7 +1458,7 @@ Buffer * load_option_panel(void) { Str src = Sprintf(optionpanel_src1, html_quote(w3m_version), - html_quote(Local_cookie->ptr), CMT_HELPER); + html_quote(localCookie()->ptr), CMT_HELPER); struct param_ptr *p; struct sel_c *s; int x, i; -- cgit v1.2.3