From: Ollie Leahy <oliver.leahy@hp.com>
Date: Fri, 30 May 2014 11:57:02 +0000 (+0000)
Subject: Use os.urandom in volume transfer
X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=6791fa41e06beab23bc7832a3bfa9ab28adf1e34;p=openstack-build%2Fcinder-build.git

Use os.urandom in volume transfer

This patch replaces a call to random.random() with a call to
os.urandom(), which generates a higher quality random number.

Closes-Bug: #1319643

Change-Id: Ifaa2216d4905f5286884629beac52b25249d621f
---

diff --git a/cinder/transfer/api.py b/cinder/transfer/api.py
index cc65edd5b..1ec533aa5 100644
--- a/cinder/transfer/api.py
+++ b/cinder/transfer/api.py
@@ -18,10 +18,9 @@ Handles all requests relating to transferring ownership of volumes.
 """
 
 
-import datetime
 import hashlib
 import hmac
-import random
+import os
 
 from oslo.config import cfg
 
@@ -81,9 +80,13 @@ class API(base.Base):
     def _get_random_string(self, length):
         """Get a random hex string of the specified length."""
         rndstr = ""
-        random.seed(datetime.datetime.now().microsecond)
+
+        # Note that the string returned by this function must contain only
+        # characters that the recipient can enter on their keyboard. The
+        # function ssh224().hexdigit() achieves this by generating a hash
+        # which will only contain hexidecimal digits.
         while len(rndstr) < length:
-            rndstr += hashlib.sha224(str(random.random())).hexdigest()
+            rndstr += hashlib.sha224(os.urandom(255)).hexdigest()
 
         return rndstr[0:length]