From: Nishi <nishi@nishi.boats>
Date: Wed, 21 Aug 2024 19:23:54 +0000 (+0000)
Subject: use urandom instead of rand
X-Git-Url: https://git.chaotic.ninja/gitweb/nishi/?a=commitdiff_plain;h=16d6367835c691d65b695a4d92412ee58bf9c571;p=repoview.git

use urandom instead of rand

git-svn-id: file:///raid/svn-personal/repoview/trunk@29 7e8b2a19-8934-dd40-8cb3-db22cdd5a80f
---

diff --git a/CGI/avatar.c b/CGI/avatar.c
index 3d61189..facfd4d 100644
--- a/CGI/avatar.c
+++ b/CGI/avatar.c
@@ -1,3 +1,31 @@
 /* $Id$ */
 
 #include "rv_avatar.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+
+#include <png.h>
+
+void rv_avatar_generate(const char* name) {
+	FILE* f = fopen(name, "wb");
+
+	if(f == NULL) return;
+
+	png_structp pngp = NULL;
+	png_infop infop = NULL;
+	png_bytep row = NULL;
+
+	pngp = png_create_write_struct(PNG_LIBPNG_VER_STRING, NULL, NULL, NULL);
+	infop = png_create_info_struct(pngp);
+
+	if(setjmp(png_jmpbuf(pngp))) {
+		goto closeall;
+	}
+
+closeall:
+	fclose(f);
+	if(infop != NULL) png_free_data(pngp, infop, PNG_FREE_ALL, -1);
+	if(pngp != NULL) png_destroy_write_struct(&pngp, (png_infopp)NULL);
+	if(row != NULL) free(row);
+}
diff --git a/CGI/rv_avatar.h b/CGI/rv_avatar.h
index 1fda796..573aa4f 100644
--- a/CGI/rv_avatar.h
+++ b/CGI/rv_avatar.h
@@ -3,4 +3,6 @@
 #ifndef __RV_AVATAR_H__
 #define __RV_AVATAR_H__
 
+void rv_avatar_generate(const char* name);
+
 #endif
diff --git a/CGI/util.c b/CGI/util.c
index b483cce..92fd6f0 100644
--- a/CGI/util.c
+++ b/CGI/util.c
@@ -86,10 +86,14 @@ char* rv_new_token(const char* username) {
 	char* token = malloc(17);
 	token[16] = 0;
 	int i;
+	unsigned char uc;
+	FILE* f = fopen("/dev/urandom", "rb");
 regenerate:
 	for(i = 0; i < 16; i++) {
-		token[i] = tokenstr[rand() % strlen(tokenstr)];
+		fread(&uc, 1, 1, f);
+		token[i] = tokenstr[uc % strlen(tokenstr)];
 	}
+	fclose(f);
 	if(rv_has_token(token)) goto regenerate;
 	rv_save_token(username, token);
 	return token;