make caveat nonces random (#1964)

2019-05-14 21:08:52 +00:00 · 2019-05-14 21:08:52 +00:00 · 791ec89c5e
commit 791ec89c5e
parent 15e74c8c3d
2 changed files with 9 additions and 6 deletions
--- a/cmd/uplink/cmd/share.go
+++ b/cmd/uplink/cmd/share.go
@ -88,7 +88,11 @@ func shareMain(cmd *cobra.Command, args []string) (err error) {
 		return err
 	}

-	caveat := macaroon.NewCaveat()
+	caveat, err := macaroon.NewCaveat()
+	if err != nil {
+		return err
+	}
+
 	caveat.DisallowDeletes = shareCfg.DisallowDeletes || shareCfg.Readonly
 	caveat.DisallowLists = shareCfg.DisallowLists || shareCfg.Writeonly
 	caveat.DisallowReads = shareCfg.DisallowReads || shareCfg.Writeonly
--- a/pkg/macaroon/caveat.go
+++ b/pkg/macaroon/caveat.go
@ -4,14 +4,13 @@
 package macaroon

 import (
-	"encoding/binary"
-	"time"
+	"crypto/rand"
 )

 // NewCaveat returns a Caveat with a nonce initialized to the current timestamp
 // in nanoseconds.
-func NewCaveat() Caveat {
+func NewCaveat() (Caveat, error) {
 	var buf [8]byte
-	binary.BigEndian.PutUint64(buf[:], uint64(time.Now().UnixNano()))
-	return Caveat{Nonce: buf[:]}
+	_, err := rand.Read(buf[:])
+	return Caveat{Nonce: buf[:]}, err
 }