[Libreoffice-commits] online.git: loolwsd/ChildSession.cpp loolwsd/Util.cpp
Ashod Nakashian
ashod.nakashian at collabora.co.uk
Tue May 31 00:58:10 UTC 2016
loolwsd/ChildSession.cpp | 2 +-
loolwsd/Util.cpp | 30 +++++++++++++++++++++---------
2 files changed, 22 insertions(+), 10 deletions(-)
New commits:
commit 8f3dcbcfb68393e3768f570c13598c3edf575dc3
Author: Ashod Nakashian <ashod.nakashian at collabora.co.uk>
Date: Mon May 30 20:42:44 2016 -0400
loolwsd: more secure random directories
Util::createRandomDirectory now uses /dev/urandom
(and a complex pseudo-random generator where missing)
to generate 64-byte long, Base64-encoded, names.
This should provide ample security compared to 64-bit
pseudo-random numbers hex-encoded, as was the case.
Change-Id: I714810a9fb03b5dcdbad7a15305940bf7457149e
Reviewed-on: https://gerrit.libreoffice.org/25696
Reviewed-by: Ashod Nakashian <ashnakash at gmail.com>
Tested-by: Ashod Nakashian <ashnakash at gmail.com>
diff --git a/loolwsd/ChildSession.cpp b/loolwsd/ChildSession.cpp
index 59f96f7..e102405 100644
--- a/loolwsd/ChildSession.cpp
+++ b/loolwsd/ChildSession.cpp
@@ -787,12 +787,12 @@ bool ChildSession::downloadAs(const char* /*buffer*/, int /*length*/, StringToke
}
}
+ // The file is removed upon downloading.
const auto tmpDir = Util::createRandomDir(JAILED_DOCUMENT_ROOT);
const auto url = JAILED_DOCUMENT_ROOT + tmpDir + "/" + name;
std::unique_lock<std::recursive_mutex> lock(Mutex);
- //TODO: Cleanup the file after downloading.
_loKitDocument->saveAs(url.c_str(),
format.size() == 0 ? nullptr :format.c_str(),
filterOptions.size() == 0 ? nullptr : filterOptions.c_str());
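Review bot: The new comment `// The file is removed upon downloading.` replaces the TODO, but nothing in this hunk performs the removal or says where it happens. The comment should name the code that does the cleanup and say whether the random directory from `createRandomDir` is removed along with the file, for example `// The file and its random directory are removed by <handler> once the download completes.`, with the real handler filled in. `name` is assigned outside the hunk; if it originates from the client request, it should be reduced to a bare file name before it is appended to `url`. The body of `downloadAs` starts and ends outside the hunk.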
diff --git a/loolwsd/Util.cpp b/loolwsd/Util.cpp
index 5c5ffe9..4e11d38 100644
--- a/loolwsd/Util.cpp
+++ b/loolwsd/Util.cpp
@@ -28,11 +28,13 @@
#include <sstream>
#include <string>
+#include <Poco/Base64Encoder.h>
#include <Poco/ConsoleChannel.h>
#include <Poco/Exception.h>
#include <Poco/Format.h>
#include <Poco/Net/WebSocket.h>
#include <Poco/Process.h>
+#include <Poco/RandomStream.h>
#include <Poco/TemporaryFile.h>
#include <Poco/Thread.h>
#include <Poco/Timestamp.h>
@@ -49,6 +51,7 @@ namespace rng
{
static std::random_device _rd;
static std::mutex _rngMutex;
+ static Poco::RandomBuf _randBuf;
// Create the prng with a random-device for seed.
// If we don't have a hardware random-device, we will get the same seed.
@@ -70,6 +73,21 @@ namespace rng
std::unique_lock<std::mutex> lock(_rngMutex);
return _rng();
}
+
+ std::vector<char> getBytes(const size_t length)
+ {
+ std::vector<char> v(length);
+ _randBuf.readFromDevice(v.data(), v.size());
+ return v;
+ }
+
+ std::string getString(const size_t length)
+ {
+ std::stringstream ss;
+ Poco::Base64Encoder b64(ss);
+ b64 << getBytes(length).data();
+ return ss.str().substr(0, length);
+ }
}
}
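Review bot: In `getString`, `b64 << getBytes(length).data()` streams a `char*` as a C string, so encoding stops at the first zero byte in the random data and reads past the end of the vector when no zero byte is present. A zero first byte yields an empty name, and any early zero shortens the name and reduces the entropy the commit is trying to add. The encoder is also never closed before `ss.str()` is read, so the final Base64 group may not be flushed. The standard Base64 alphabet contains `/`, which `Poco::Path` treats as a separator. The return value of `readFromDevice` in `getBytes` is ignored, so a short read would go unnoticed.

```cpp
std::string getString(const size_t length)
{
    const std::vector<char> bytes = getBytes(length);
    std::stringstream ss;
    Poco::Base64Encoder b64(ss);
    b64.rdbuf()->setLineLength(0);          // no CRLF inserted into long names
    b64.write(bytes.data(), bytes.size());  // length-bounded; zero bytes are data
    b64.close();                            // flush the final Base64 group
    std::string s = ss.str().substr(0, length);
    // '/' would split the name into path components; '+' is awkward in URLs.
    std::replace(s.begin(), s.end(), '/', '_');
    std::replace(s.begin(), s.end(), '+', '-');
    return s;
}
```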
@@ -94,15 +112,9 @@ namespace Util
std::string createRandomDir(const std::string& path)
{
Poco::File(path).createDirectories();
- for (;;)
- {
- const auto name = Util::encodeId(rng::getNext());
- Poco::File dir(Poco::Path(path, name));
- if (dir.createDirectory())
- {
- return name;
- }
- }
+ const auto name = rng::getString(64);
+ Poco::File(Poco::Path(path, name)).createDirectories();
+ return name;
}
std::string getTempFilePath(const std::string srcDir, const std::string& srcFilename)
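Review bot: `createDirectories()` gives no indication of whether the directory was newly created, so `createRandomDir` can now return the name of a directory that already existed. The removed loop was the only place that checked the result of `createDirectory()`. This matters because `rng::getString` can currently return a short or empty name, in which case the function returns `path` itself as the "random" directory, and a name containing `/` is silently created as nested directories. Creating exactly one level and failing loudly keeps the uniqueness guarantee: `if (!Poco::File(Poco::Path(path, name)).createDirectory()) throw Poco::FileExistsException(name);`.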