infrastructure/mox
1
0
Fork 0
mirror of https://github.com/mjl-/mox.git synced 2025-07-12 17:44:35 +03:00
Code Issues Packages Projects Releases Wiki Activity

fix bug with concurrent math/rand.Rand.Read

Browse Source 
firstly by using crypto/rand in those cases. and secondly by putting a lock
around the Read (though it isn't used at the moment).

found while working while implementing sending tls reports.
This commit is contained in:
Mechiel Lukkien
2023-11-09 17:15:46 +01:00
parent d02ac0cb86
commit 2535f351ed
7 changed files with 38 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
store/account.go
View File

@ -24,6 +24,7 @@ package store
import (
"context"
"crypto/md5"
cryptorand "crypto/rand"
"crypto/sha1"
"crypto/sha256"
"encoding"
@ -74,8 +75,6 @@ var (
ErrAccountUnknown = errors.New("no such account")
)
var subjectpassRand = mox.NewRand()
var DefaultInitialMailboxes = config.InitialMailboxes{
SpecialUse: config.SpecialUseMailboxes{
Sent: "Sent",
@ -1460,8 +1459,12 @@ func (a *Account) Subjectpass(email string) (key string, err error) {
}
key = ""
const chars = "abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"
for i := 0; i < 16; i++ {
key += string(chars[subjectpassRand.Intn(len(chars))])
buf := make([]byte, 16)
if _, err := cryptorand.Read(buf); err != nil {
return err
}
for _, b := range buf {
key += string(chars[int(b)%len(chars)])
}
v.Key = key
return tx.Insert(&v)