From: Paul Hänsch Date: Wed, 17 Jun 2026 16:28:43 +0000 (+0200) Subject: avoid null characters in server secret, remove debug output X-Git-Url: https://git.plutz.net/?a=commitdiff_plain;h=221c2b7d4a177530c113cbf62470705c3044a84c;p=cgilite avoid null characters in server secret, remove debug output --- diff --git a/session.sh b/session.sh index c3a44e8..a29cbf4 100755 --- a/session.sh +++ b/session.sh @@ -1,6 +1,6 @@ #!/bin/sh -# Copyright 2018 - 2022 Paul Hänsch +# Copyright 2018 - 2022, 2026 Paul Hänsch # # Permission to use, copy, modify, and/or distribute this software for any # purpose with or without fee is hereby granted, provided that the above @@ -45,7 +45,8 @@ fi server_key(){ IDFILE="${IDFILE:-${_DATA:-.}/serverkey}" if [ "$(stat -c %s "$IDFILE")" -ne 512 ] || ! cat "$IDFILE"; then - dd count=1 bs=512 if=/dev/urandom \ + tr -d \\0 &- } @@ -116,7 +117,7 @@ update_session(){ new_session(){ local sid time sig - debug "Setting up new session" + # debug "Setting up new session" sid="$(randomid)" time=$(( $_DATE + $SESSION_TIMEOUT )) sig="$(session_mac "$sid" "$time")"