Improve salt string generation.

PR: 31440
Submited by: Andreas Krennmair <ak synflood.at>

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@629159 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/support/htpasswd.c b/support/htpasswd.c
index bd7e203f8ed59d1733132a5f6cfe46eb23ddc70a..ac259809c92d01926b8dd772ca0a8550737c9bd2 100644 (file)
--- a/support/htpasswd.c
+++ b/support/htpasswd.c
@@ -115,6 +115,18 @@ static void to64(char *s, unsigned long v, int n)
     }
 }
 
+static void generate_salt(char *s, size_t size)
+{
+    static unsigned char tbl[] = 
+        "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
+    size_t i;
+    for (i = 0; i < size; ++i) {
+        int idx = (int) (64.0 * rand() / (RAND_MAX + 1.0));
+        s[i] = tbl[idx];
+    }
+}
+
+
 static void putline(apr_file_t *f, const char *l)
 {
     apr_file_puts(l, f);
@@ -163,7 +175,7 @@ static int mkrecord(char *user, char *record, apr_size_t rlen, char *passwd,
 
     case ALG_APMD5:
         (void) srand((int) time((time_t *) NULL));
-        to64(&salt[0], rand(), 8);
+        generate_salt(&salt[0], 8);
         salt[8] = '\0';
 
         apr_md5_encode((const char *)pw, (const char *)salt,