From 14ff78dfe7021691d722f2608a36e947d71b65a7 Mon Sep 17 00:00:00 2001 From: Leonid Evdokimov Date: Tue, 8 Mar 2016 20:53:19 +0300 Subject: [PATCH] Replace inconsistent rand()/random() with call to libevent2 rng --- http-connect.c | 3 +-- http-relay.c | 3 +-- main.c | 10 +--------- parser.c | 2 +- redsocks.c | 2 +- utils.c | 7 +++++++ utils.h | 1 + 7 files changed, 13 insertions(+), 15 deletions(-) diff --git a/http-connect.c b/http-connect.c index e243528..685ab54 100644 --- a/http-connect.c +++ b/http-connect.c @@ -210,8 +210,7 @@ static struct evbuffer *httpc_mkconnect(redsocks_client *client) /* prepare an random string for cnounce */ char cnounce[17]; - snprintf(cnounce, sizeof(cnounce), "%04x%04x%04x%04x", - rand() & 0xffff, rand() & 0xffff, rand() & 0xffff, rand() & 0xffff); + snprintf(cnounce, sizeof(cnounce), "%08x%08x", red_randui32(), red_randui32()); auth_string = digest_authentication_encode(auth->last_auth_query + 7, //line client->instance->config.login, client->instance->config.password, //user, pass diff --git a/http-relay.c b/http-relay.c index 4a39451..51c6f4c 100644 --- a/http-relay.c +++ b/http-relay.c @@ -320,8 +320,7 @@ static void httpr_relay_write_cb(struct bufferevent *buffev, void *_arg) /* prepare an random string for cnounce */ char cnounce[17]; - snprintf(cnounce, sizeof(cnounce), "%04x%04x%04x%04x", - rand() & 0xffff, rand() & 0xffff, rand() & 0xffff, rand() & 0xffff); + snprintf(cnounce, sizeof(cnounce), "%08x%08x", red_randui32(), red_randui32()); auth_string = digest_authentication_encode(auth->last_auth_query + 7, //line client->instance->config.login, client->instance->config.password, //user, pass diff --git a/main.c b/main.c index 9f497c6..c9ac20a 100644 --- a/main.c +++ b/main.c 
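Review bot: The new `snprintf` in httpc_mkconnect passes `uint32_t` values to `%08x`, which expects `unsigned int`; the same line is added in httpr_relay_write_cb in http-relay.c. The `<inttypes.h>` macro keeps the format correct wherever the two types differ: `snprintf(cnounce, sizeof(cnounce), "%08" PRIx32 "%08" PRIx32, red_randui32(), red_randui32());`. The 17-byte buffer still holds the 16 hex digits plus the terminator. Because the identical statement now sits in two files, a small shared helper that fills the client nonce would keep the two digest paths from drifting apart. Both function bodies continue outside their hunks.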
@@ -48,14 +48,6 @@ static void terminate(int sig, short what, void *_arg) log_error(LOG_WARNING, "event_loopbreak"); } -static void red_srand() -{ - struct timeval tv; - gettimeofday(&tv, NULL); - // using tv_usec is a bit less predictable than tv_sec - srand(tv.tv_sec*1000000+tv.tv_usec); -} - int main(int argc, char **argv) { int error; @@ -66,7 +58,7 @@ int main(int argc, char **argv) int opt; int i; - red_srand(); + evutil_secure_rng_init(); while ((opt = getopt(argc, argv, "h?vtc:p:")) != -1) { switch (opt) { case 't': diff --git a/parser.c b/parser.c index b3a0bb6..8803a51 100644 --- a/parser.c +++ b/parser.c @@ -319,7 +319,7 @@ static int vp_in_addr(parser_context *context, void *addr, const char *token) struct sockaddr_in *resolved_addr; for (iter = ainfo, count = 0; iter; iter = iter->ai_next, ++count) ; - taken = rand() % count; + taken = red_randui32() % count; for (iter = ainfo; taken > 0; iter = iter->ai_next, --taken) ; resolved_addr = (struct sockaddr_in*)iter->ai_addr; diff --git a/redsocks.c b/redsocks.c index 82320e5..c600282 100644 --- a/redsocks.c +++ b/redsocks.c @@ -634,7 +634,7 @@ static void redsocks_accept_client(int fd, short what, void *_arg) if (errno == ENFILE || errno == EMFILE || errno == ENOBUFS || errno == ENOMEM) { self->accept_backoff_ms = (self->accept_backoff_ms << 1) + 1; clamp_value(self->accept_backoff_ms, self->config.min_backoff_ms, self->config.max_backoff_ms); - int delay = (random() % self->accept_backoff_ms) + 1; + int delay = (red_randui32() % self->accept_backoff_ms) + 1; log_errno(LOG_WARNING, "accept: out of file descriptors, backing off for %u ms", delay); struct timeval tvdelay = { delay / 1000, (delay % 1000) * 1000 }; if (tracked_event_del(&self->listener) != 0) diff --git a/utils.c b/utils.c index 7de3969..0bbc2e6 100644 --- a/utils.c +++ b/utils.c 
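Review bot: The return value of `evutil_secure_rng_init()` at the top of main() is discarded, so a failure to seed goes unnoticed and the digest client nonces built from red_randui32() would rest on a generator whose state was never confirmed. libevent documents the call as returning 0 on success and -1 when the generator cannot be seeded, and checking that result is the main reason to call it explicitly. Suggested: `if (evutil_secure_rng_init() != 0) { fputs("unable to seed random number generator\n", stderr); return EXIT_FAILURE; }`, or the project's logger and main()'s usual failure code if those are usable this early. main() continues outside the hunk.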
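Review bot: `delay` in redsocks_accept_client stays an `int` although its initialiser now comes from a `uint32_t` expression, and the following line already prints it with `%u`. Declaring it `unsigned int delay = (red_randui32() % self->accept_backoff_ms) + 1;` removes the implicit conversion and makes the format specifier match. The modulus is only safe while `accept_backoff_ms` is non-zero after `clamp_value`; the shift-and-add above makes that likely, but whether the configured bounds can clamp it to 0 is not visible here and deserves a comment or a guard. The function body extends beyond the hunk.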
@@ -90,6 +90,13 @@ int red_recv_udp_pkt(int fd, char *buf, size_t buflen, struct sockaddr_in *inadd return pktlen; } +uint32_t red_randui32() +{ + uint32_t ret; + evutil_secure_rng_get_bytes(&ret, sizeof(ret)); + return ret; +} + time_t redsocks_time(time_t *t) { time_t retval; diff --git a/utils.h b/utils.h index 991af9c..2297393 100644 --- a/utils.h +++ b/utils.h @@ -47,6 +47,7 @@ struct sockaddr_in; } while (0) +uint32_t red_randui32(); time_t redsocks_time(time_t *t); char *redsocks_evbuffer_readline(struct evbuffer *buf); struct bufferevent* red_connect_relay(struct sockaddr_in *addr, evbuffercb writecb, everrorcb errorcb, void *cbarg);
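Review bot: `uint32_t red_randui32()` is written with an empty parameter list in both the utils.c definition and the utils.h declaration, which in C is an old-style declaration without a prototype rather than "takes no arguments"; use `uint32_t red_randui32(void)` in both places. The function also deserves a short comment such as `/* Returns 32 random bits from libevent's secure RNG; main() seeds it via evutil_secure_rng_init(). */` so callers know what quality of randomness they are getting. The hunks do not show whether utils.c already includes `<event2/util.h>` or whether utils.h pulls in `<stdint.h>` for `uint32_t`; confirm both.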