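--- a/cloud-init-19.4-utils-use-SystemRandom-when-generating-random-passwo.patch
+++ b/cloud-init-19.4-utils-use-SystemRandom-when-generating-random-passwo.patch
@@ -0,0 +1,31 @@
+ From 3e2f7356effc9e9cccc5ae945846279804eedc46 Mon Sep 17 00:00:00 2001
+ From: Dimitri John Ledkov <xnox@ubuntu.com>
+ Date: Tue, 18 Feb 2020 17:03:24 +0000
+ Subject: [PATCH] utils: use SystemRandom when generating random password.
+ (#204)
+
+ As noticed by Seth Arnold, non-deterministic SystemRandom should be
+ used when creating security sensitive random strings.
+ ---
+ cloudinit/util.py | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+ diff --git a/cloudinit/util.py b/cloudinit/util.py
+ index d99e82fa..c02b3d9a 100644
+ --- a/cloudinit/util.py
+ +++ b/cloudinit/util.py
+ @@ -397,9 +397,10 @@ def translate_bool(val, addons=None):
+
+
+ def rand_str(strlen=32, select_from=None):
+ + r = random.SystemRandom()
+ if not select_from:
+ select_from = string.ascii_letters + string.digits
+ - return "".join([random.choice(select_from) for _x in range(0, strlen)])
+ + return "".join([r.choice(select_from) for _x in range(0, strlen)])
+
+
+ def rand_dict_key(dictionary, postfix=None):
+ --
+ 2.18.1
+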
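Review bot: `rand_str` still has no docstring after the added `r = random.SystemRandom()` line, so nothing tells a caller that its output is now meant for passwords or that its strength depends on `strlen` and on the size of `select_from`. I would add `"""Return strlen characters chosen from select_from using the OS CSPRNG (random.SystemRandom); callers generating secrets must pass a sufficient strlen."""` directly under the `def` line. The companion fix named in the description (CVE-2020-8632) concerns a caller choosing too short a length, which this function cannot prevent on its own. A unit test that calls `random.seed(0)` before two `rand_str()` calls and asserts the results differ would keep the switch away from the seedable module-level generator from regressing. The rest of util.py lies outside this hunk, so any other security-relevant use of `random.choice` there cannot be checked from here.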
This commit backports the upstream commits for the CVEs:
CVE-2020-8632 cloud-init: Too short random password length in
cc_set_password in config/cc_set_passwords.py
https://bugzilla.redhat.com/show_bug.cgi?id=1798729
./cloud-init-19.4-cc_set_password-increase-random-pwlength-from-9-to-2.patch
CVE-2020-8631 cloud-init: Use of random.choice when generating random
password
https://bugzilla.redhat.com/show_bug.cgi?id=1798732
./cloud-init-19.4-utils-use-SystemRandom-when-generating-random-passwo.patch
Signed-off-by: Eduardo Otubo otubo@redhat.com