Generate multipart boundary using SecureRandom [SPR-16635] #21176
Description
Rossen Stoyanchev opened SPR-16635 and commented
From RFC 2046:
The boundary delimiter MUST NOT appear inside any of the encapsulated parts,
on a line by itself or as the prefix of any line. This implies that it is
crucial that the composing agent be able to choose and specify a
unique boundary parameter value that does not contain the boundary
parameter value of an enclosing multipart as a prefix.
Currently Random is used to generate the boundary which guarantees the above will not occur by accident. In certain scenarios, based on an advanced and esoteric type of attack, it is theoretically possible for the boundary to be guessed and intermixed with content received as input from an outside source. We should switch to using SecureRandom to completely eliminate that possibility.
Note however that the use of SecureRandom also introduces the possibility for lack of entropy depending on how the JVM is configured. This is a more general issue, however, not specific to the Spring Framework, but we need to provide guidance in the docs.
Affects: 4.3.14
Issue Links:
- Lazily initialize SecureRandom in MimeTypeUtils [SPR-16974] #21512 Lazily initialize SecureRandom in MimeTypeUtils
Referenced from: commits f6ea740, e02ff3a, d007c25, ab2410c
Backported to: 4.3.15