Blob Blame History Raw
diff -up oauth2-1.5.211/oauth2/__init__.py.CVE-2013-4347 oauth2-1.5.211/oauth2/__init__.py
--- oauth2-1.5.211/oauth2/__init__.py.CVE-2013-4347	2014-09-12 14:34:21.762620879 -0400
+++ oauth2-1.5.211/oauth2/__init__.py	2014-09-12 14:35:26.695711288 -0400
@@ -164,12 +164,12 @@ def generate_timestamp():
 
 def generate_nonce(length=8):
     """Generate pseudorandom number."""
-    return ''.join([str(random.randint(0, 9)) for i in range(length)])
+    return ''.join([str(random.SystemRandom().randint(0, 9)) for i in range(length)])
 
 
 def generate_verifier(length=8):
     """Generate pseudorandom number."""
-    return ''.join([str(random.randint(0, 9)) for i in range(length)])
+    return ''.join([str(random.SystemRandom().randint(0, 9)) for i in range(length)])
 
 
 class Consumer(object):
@@ -509,7 +509,7 @@ class Request(dict):
     @classmethod
     def make_nonce(cls):
         """Generate pseudorandom number."""
-        return str(random.randint(0, 100000000))
+        return str(random.SystemRandom().randint(0, 100000000))
  
     @classmethod
     def from_request(cls, http_method, http_url, headers=None, parameters=None,