From 641565d4ebbb9094a590c2ae5fee1e7884d310be Mon Sep 17 00:00:00 2001
From: Kevin Easton
Date: Sat, 17 Aug 2013 14:51:28 +0000
Subject: [PATCH] Strengthen the algorithm that generates a random cookie for /detach. This is a backwards-compatible change, no update to the scr-bx binary is necessary.
git-svn-id: svn://svn.code.sf.net/p/bitchx/code/trunk@358 13b04d17-f746-0410-82c6-800466cd88b0
---
 Changelog | 2 ++
 source/commands2.c | 17 ++++++++++-------
 2 files changed, 12 insertions(+), 7 deletions(-)
diff --git a/Changelog b/Changelog
index b09cc03..cd88955 100644
--- a/Changelog
+++ b/Changelog
@@ -1,5 +1,7 @@
 [Changes 1.2c01]
 
+* Strengthen the cookie generation algorithm for /detach. (caf)
+
 * RANDOM_SOURCE now only affects the rand() scripting function. (caf)
 
 * Make RANDOM_LOCAL_PORTS actually random. (caf)
diff --git a/source/commands2.c b/source/commands2.c
index 3c01975..f97c1ac 100644
--- a/source/commands2.c
+++ b/source/commands2.c
@@ -2559,13 +2559,16 @@ void kill_attached_if_needed(int type)
 
 void make_cookie(void)
 {
-int i, j;
- memset(connect_cookie, 0, sizeof(connect_cookie));
- for (i = 0; i < (int) (20.0 * rand()/RAND_MAX) + 5; i++)
- {
- j = (int)(95.0 * rand()/RAND_MAX);
- connect_cookie[i] = j + 32;
- }
+ unsigned char rand_bytes[21];
+ int i;
+ char *cookie;
+
+ for (i = 0; i < sizeof rand_bytes; i++)
+ rand_bytes[i] = random_number(0);
+
+ cookie = base64_encode(rand_bytes, sizeof rand_bytes);
+ strlcpy(connect_cookie, cookie, sizeof connect_cookie);
+ new_free(&cookie);
 }
 
 static int create_ipc_socket(void)
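Review bot: The `strlcpy()` result in the new `make_cookie()` is ignored, so if `connect_cookie` is smaller than the 29 bytes that base64 of 21 input bytes needs (28 characters plus NUL), the cookie is silently shortened and loses entropy. The buffer is declared outside this hunk and the removed loop wrote at most 25 characters, so its size is worth confirming; a check such as `if (strlcpy(connect_cookie, cookie, sizeof connect_cookie) >= sizeof connect_cookie)` with an error report would make truncation visible. `cookie` is also passed to `strlcpy()` without a NULL test, which matters only if `base64_encode()` can fail (not visible here). The unpredictability of the cookie now rests entirely on `random_number(0)`, whose source is not shown; a comment like `/* random_number(0) must not be predictable: this cookie presumably gates reattach */` would record that requirement. Minor: `int i` is compared with `sizeof rand_bytes` (a `size_t`), so `size_t i;` avoids the signed/unsigned comparison, and `rand_bytes` still holds the raw random bytes when the function returns.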