rajitha
/
device-mgt-plugins
forked from community/device-mgt-plugins
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix Predictable pseudorandom number generator security issue

Browse Source
revert-dabc3590
warunalakshitha 8 years ago
parent e65b61bf95
commit b06d86f87a
4 changed files with 56 additions and 47 deletions
Show Stats Download Patch File Download Diff File

39
components/device-types/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.agent.advanced.impl/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/agent/advanced/transport/TransportUtils.java
Unescape View File

@ -34,6 +34,8 @@ import java.net.ServerSocket;
import java.net.SocketException; import java.net.SocketException;
import java.net.URL; import java.net.URL;
import java.nio.charset.StandardCharsets; import java.nio.charset.StandardCharsets;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Enumeration; import java.util.Enumeration;
import java.util.HashMap; import java.util.HashMap;
@ -172,27 +174,26 @@ public class TransportUtils {
*/ */
public static synchronized int getAvailablePort(int randomAttempts) { public static synchronized int getAvailablePort(int randomAttempts) {
ArrayList<Integer> failedPorts = new ArrayList<Integer>(randomAttempts); ArrayList<Integer> failedPorts = new ArrayList<Integer>(randomAttempts);
try {
Random randomNum = new Random(); SecureRandom secureRandom = SecureRandom.getInstance("SHA1PRNG");
int randomPort = MAX_PORT_NUMBER; int randomPort = MAX_PORT_NUMBER;
while (randomAttempts > 0) {
while (randomAttempts > 0) { randomPort = secureRandom.nextInt(MAX_PORT_NUMBER - MIN_PORT_NUMBER) + MIN_PORT_NUMBER;
randomPort = randomNum.nextInt(MAX_PORT_NUMBER - MIN_PORT_NUMBER) + MIN_PORT_NUMBER; if (checkIfPortAvailable(randomPort)) {
return randomPort;
if (checkIfPortAvailable(randomPort)) { }
return randomPort; failedPorts.add(randomPort);
randomAttempts--;
} }
failedPorts.add(randomPort); randomPort = MAX_PORT_NUMBER;
randomAttempts--; while (true) {
} if (!failedPorts.contains(randomPort) && checkIfPortAvailable(randomPort)) {
return randomPort;
randomPort = MAX_PORT_NUMBER; }
randomPort--;
while (true) {
if (!failedPorts.contains(randomPort) && checkIfPortAvailable(randomPort)) {
return randomPort;
} }
randomPort--; } catch (NoSuchAlgorithmException e) {
throw new RuntimeException("SHA1PRNG algorithm could not be found.");
} }
} }

11
components/device-types/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.agent.advanced.impl/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/agent/advanced/virtual/VirtualHardwareManager.java
Unescape View File

@ -33,6 +33,8 @@ import javax.sound.sampled.Clip;
import javax.swing.*; import javax.swing.*;
import java.io.IOException; import java.io.IOException;
import java.io.InputStream; import java.io.InputStream;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
/** /**
* This class use to emulate virtual hardware functionality * This class use to emulate virtual hardware functionality
@ -188,9 +190,12 @@ public class VirtualHardwareManager {
double mn = current - offset; double mn = current - offset;
min = (mn < min) ? min : (int) Math.round(mn); min = (mn < min) ? min : (int) Math.round(mn);
} }
try {
double rnd = Math.random() * (max - min) + min; SecureRandom secureRandom = SecureRandom.getInstance("SHA1PRNG");
return (int) Math.round(rnd); return secureRandom.nextInt(max - min) + min;
} catch (NoSuchAlgorithmException e) {
throw new RuntimeException("SHA1PRNG algorithm could not be found.");
}
} }

39
components/device-types/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.agent.impl/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/agent/transport/TransportUtils.java
Unescape View File

@ -36,6 +36,8 @@ import java.net.ServerSocket;
import java.net.SocketException; import java.net.SocketException;
import java.net.URL; import java.net.URL;
import java.nio.charset.StandardCharsets; import java.nio.charset.StandardCharsets;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Enumeration; import java.util.Enumeration;
import java.util.HashMap; import java.util.HashMap;
@ -173,27 +175,26 @@ public class TransportUtils {
*/ */
public static synchronized int getAvailablePort(int randomAttempts) { public static synchronized int getAvailablePort(int randomAttempts) {
ArrayList<Integer> failedPorts = new ArrayList<Integer>(randomAttempts); ArrayList<Integer> failedPorts = new ArrayList<Integer>(randomAttempts);
try {
Random randomNum = new Random(); SecureRandom secureRandom = SecureRandom.getInstance("SHA1PRNG");
int randomPort = MAX_PORT_NUMBER; int randomPort = MAX_PORT_NUMBER;
while (randomAttempts > 0) {
while (randomAttempts > 0) { randomPort = secureRandom.nextInt(MAX_PORT_NUMBER - MIN_PORT_NUMBER) + MIN_PORT_NUMBER;
randomPort = randomNum.nextInt(MAX_PORT_NUMBER - MIN_PORT_NUMBER) + MIN_PORT_NUMBER; if (checkIfPortAvailable(randomPort)) {
return randomPort;
if (checkIfPortAvailable(randomPort)) { }
return randomPort; failedPorts.add(randomPort);
randomAttempts--;
} }
failedPorts.add(randomPort); randomPort = MAX_PORT_NUMBER;
randomAttempts--; while (true) {
} if (!failedPorts.contains(randomPort) && checkIfPortAvailable(randomPort)) {
return randomPort;
randomPort = MAX_PORT_NUMBER; }
randomPort--;
while (true) {
if (!failedPorts.contains(randomPort) && checkIfPortAvailable(randomPort)) {
return randomPort;
} }
randomPort--; } catch (NoSuchAlgorithmException e) {
throw new RuntimeException("SHA1PRNG algorithm could not be found.");
} }
} }

14
components/device-types/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.agent.impl/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/agent/virtual/VirtualHardwareManager.java
Unescape View File

@ -33,6 +33,8 @@ import javax.sound.sampled.Clip;
import javax.swing.*; import javax.swing.*;
import java.io.IOException; import java.io.IOException;
import java.io.InputStream; import java.io.InputStream;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
/** /**
* This class use to emulate virtual hardware functionality * This class use to emulate virtual hardware functionality
@ -174,19 +176,19 @@ public class VirtualHardwareManager {
} }
private int getRandom(int max, int min, int current, boolean isSmoothed, int svf) { private int getRandom(int max, int min, int current, boolean isSmoothed, int svf) {
if (isSmoothed) { if (isSmoothed) {
int offset = (max - min) * svf / 100; int offset = (max - min) * svf / 100;
double mx = current + offset; double mx = current + offset;
max = (mx > max) ? max : (int) Math.round(mx); max = (mx > max) ? max : (int) Math.round(mx);
double mn = current - offset; double mn = current - offset;
min = (mn < min) ? min : (int) Math.round(mn); min = (mn < min) ? min : (int) Math.round(mn);
} }
try {
double rnd = Math.random() * (max - min) + min; SecureRandom secureRandom = SecureRandom.getInstance("SHA1PRNG");
return (int) Math.round(rnd); return secureRandom.nextInt(max - min) + min;
} catch (NoSuchAlgorithmException e) {
throw new RuntimeException("SHA1PRNG algorithm could not be found.");
}
} }
private void setAudioSequencer() { private void setAudioSequencer() {

Write Preview
Loading…
Cancel
Save