Generate better Acct-Session-Id

Jouni Malinen j at w1.fi
Sat Jun 6 11:23:08 EDT 2015


On Thu, Jun 04, 2015 at 06:38:41PM -0400, Alan DeKok wrote:
>     The current code generates Acct-Session-Id based on the current time.  However, some systems without real-time clocks always have the same time when they boot.  So the Acct-Session-Id values were getting re-used.
> 
>   The patch uses os_get_random(), or if that fails, the does an exclusive-or of the time in seconds and microseconds.  There microseconds are likely to vary somewhat, even on systems with no real-time clock.

Thanks, applied. Though, I made this XOR microseconds part in even for
the random value case. Obviously, this should not be needed with a
proper random number, but well, there are likely still some embedded
devices, where /dev/random is broken and only a small set of different
values may be available early after the boot and with that file not even
blocking reads properly..

-- 
Jouni Malinen                                            PGP id EFC895FA


More information about the HostAP mailing list