upstream/haproxy
1
0
Fork 0
mirror of https://github.com/haproxy/haproxy.git synced 2026-06-09 00:32:33 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 8

MEDIUM: h1: use ha_random64_pair_hashed() for the WebSocket key

Browse source 
Instead of using two consecutive calls to ha_random64(), let's use the
cleaner and safer ha_random64_pair_hashed(). This way the internal
PRNG state will not leak into the emitted headers.
This commit is contained in:
Willy Tarreau 2026-05-25 18:23:30 +02:00
parent 85003563c5
commit 7ac4d7d69f
1 changed files with 2 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
src/h1.c
View file

@ -1272,9 +1272,10 @@ int h1_headers_to_hdr_list(char *start, const char *stop,
void h1_generate_random_ws_input_key(char key_out[25]) void h1_generate_random_ws_input_key(char key_out[25])
{ {
/* generate a random websocket key */ /* generate a random websocket key */
const uint64_t rand1 = ha_random64(), rand2 = ha_random64(); uint64_t rand1, rand2;
char key[16]; char key[16];
ha_random64_pair_hashed(&rand1, &rand2);
memcpy(key, &rand1, 8); memcpy(key, &rand1, 8);
memcpy(&key[8], &rand2, 8); memcpy(&key[8], &rand2, 8);
a2base64(key, 16, key_out, 25); a2base64(key, 16, key_out, 25);