From: Alan T. DeKok Date: Thu, 4 Jun 2015 20:53:06 +0000 (-0400) Subject: Set Acct-Session-Id from os_get_random() instead of os_get_time() X-Git-Tag: hostap_2_5~675 X-Git-Url: http://www.project-moonshot.org/gitweb/?a=commitdiff_plain;h=f13e815491de4a522919569a696ff679f8c15419;p=mech_eap.git Set Acct-Session-Id from os_get_random() instead of os_get_time() So that systems with bad clocks will send random session IDs, instead of always ones starting at the same second. If os_get_random() isn't available, use os_get_time(). But also mix in now.tv_usec, so that the accounting session ID is more likely to be globally and temporally unique. Signed-off-by: Alan DeKok --- diff --git a/src/ap/accounting.c b/src/ap/accounting.c index 7c55146..3312034 100644 --- a/src/ap/accounting.c +++ b/src/ap/accounting.c @@ -459,10 +459,14 @@ int accounting_init(struct hostapd_data *hapd) { struct os_time now; - /* Acct-Session-Id should be unique over reboots. If reliable clock is - * not available, this could be replaced with reboot counter, etc. */ + /* Acct-Session-Id should be unique over reboots. Using a random number + * is preferred. If that is not available, take the current time. Mix + * in microseconds to make this more likely to be unique. */ os_get_time(&now); - hapd->acct_session_id_hi = now.sec; + if (os_get_random((u8 *) &hapd->acct_session_id_hi, + sizeof(hapd->acct_session_id_hi)) < 0) + hapd->acct_session_id_hi = now.sec; + hapd->acct_session_id_hi ^= now.usec; if (radius_client_register(hapd->radius, RADIUS_ACCT, accounting_receive, hapd))