Use os.urandom in volume transfer

This patch replaces a call to random.random() with a call to
os.urandom(), which generates a higher quality random number.

Closes-Bug: #1319643

Change-Id: Ifaa2216d4905f5286884629beac52b25249d621f

diff --git a/cinder/transfer/api.py b/cinder/transfer/api.py
index cc65edd5b26f587dc563c0122c9ba5824c7e48ca..1ec533aa5dbc0cf8f3c314fd32c0276a177c3b4e 100644 (file)
--- a/cinder/transfer/api.py
+++ b/cinder/transfer/api.py
@@ -18,10 +18,9 @@ Handles all requests relating to transferring ownership of volumes.
 """
 
 
-import datetime
 import hashlib
 import hmac
-import random
+import os
 
 from oslo.config import cfg
 
@@ -81,9 +80,13 @@ class API(base.Base):
     def _get_random_string(self, length):
         """Get a random hex string of the specified length."""
         rndstr = ""
-        random.seed(datetime.datetime.now().microsecond)
+
+        # Note that the string returned by this function must contain only
+        # characters that the recipient can enter on their keyboard. The
+        # function ssh224().hexdigit() achieves this by generating a hash
+        # which will only contain hexidecimal digits.
         while len(rndstr) < length:
-            rndstr += hashlib.sha224(str(random.random())).hexdigest()
+            rndstr += hashlib.sha224(os.urandom(255)).hexdigest()
 
         return rndstr[0:length]