summary refs log tree commit diff
diff options
context:
space:
mode:
authorRichard van der Hoff <1389908+richvdh@users.noreply.github.com>2019-05-03 15:39:30 +0100
committerGitHub <noreply@github.com>2019-05-03 15:39:30 +0100
commit1acfb9e9f0aa6a734b11a14d10b037e69679371d (patch)
tree1e087b3c0d194c46300b67face5ef03accb00f21
parent0.99.3 (diff)
parenttypo (diff)
downloadsynapse-1acfb9e9f0aa6a734b11a14d10b037e69679371d.tar.xz
Merge pull request #5133 from matrix-org/rav/systemrandom
Use SystemRandom for token generation.
-rw-r--r--changelog.d/5133.bugfix1
-rw-r--r--synapse/util/stringutils.py9
2 files changed, 8 insertions, 2 deletions
diff --git a/changelog.d/5133.bugfix b/changelog.d/5133.bugfix
new file mode 100644
index 0000000000..be6474a692
--- /dev/null
+++ b/changelog.d/5133.bugfix
@@ -0,0 +1 @@
+Switch to using a cryptographically-secure random number generator for token strings, ensuring they cannot be predicted by an attacker. Thanks to @opnsec for identifying and responsibly disclosing this issue!
diff --git a/synapse/util/stringutils.py b/synapse/util/stringutils.py
index fdcb375f95..69dffd8244 100644
--- a/synapse/util/stringutils.py
+++ b/synapse/util/stringutils.py
@@ -24,14 +24,19 @@ _string_with_symbols = (
     string.digits + string.ascii_letters + ".,;:^&*-_+=#~@"
 )
 
+# random_string and random_string_with_symbols are used for a range of things,
+# some cryptographically important, some less so. We use SystemRandom to make sure
+# we get cryptographically-secure randoms.
+rand = random.SystemRandom()
+
 
 def random_string(length):
-    return ''.join(random.choice(string.ascii_letters) for _ in range(length))
+    return ''.join(rand.choice(string.ascii_letters) for _ in range(length))
 
 
 def random_string_with_symbols(length):
     return ''.join(
-        random.choice(_string_with_symbols) for _ in range(length)
+        rand.choice(_string_with_symbols) for _ in range(length)
     )