On Mon, Dec 07, 2015 at 03:20:21AM +0100, Theo Buehler wrote:
> On Sun, Dec 06, 2015 at 07:12:28PM -0700, Bob Beck wrote:
> > Theo (not deraadt) ignore our screams of pain, fix the thing to use
> > asprintf and then I'll go further with you on it ;)
>
> ok, there you go :)
>
> > On Sun, Dec 6, 2015 at 7:11 PM, Bob Beck <[email protected]> wrote:
> > >> and then digging deeper... to see how the portname (as a string)
> > >> is passed down to socks... and reversed into an integer...
> > >>
> > >> AGhh... I just went blind.
> > >
> > > Maybe since we're already linking in libcrypto/asn1 - if he needs to
> > > store integers as strings all the time......
> >
and again I manage to send the wrong diff. meh.
Index: usr.bin/nc/netcat.c
===================================================================
RCS file: /cvs/src/usr.bin/nc/netcat.c,v
retrieving revision 1.144
diff -u -p -r1.144 netcat.c
--- usr.bin/nc/netcat.c 23 Nov 2015 01:23:56 -0000 1.144
+++ usr.bin/nc/netcat.c 7 Dec 2015 02:25:14 -0000
@@ -58,7 +58,6 @@
#include "atomicio.h"
#define PORT_MAX 65535
-#define PORT_MAX_LEN 6
#define UNIX_DG_TMP_SOCKET_SIZE 19
#define POLL_STDIN 0
@@ -1289,25 +1288,22 @@ build_ports(char *p)
lo = cp;
}
- /* Load ports sequentially. */
- for (cp = lo; cp <= hi; cp++) {
- portlist[x] = calloc(1, PORT_MAX_LEN);
- if (portlist[x] == NULL)
- err(1, NULL);
- snprintf(portlist[x], PORT_MAX_LEN, "%d", cp);
- x++;
- }
-
- /* Randomly swap ports. */
+ /*
+ * Initialize portlist with a random permutation. Based on
+ * Knuth, as in ip_randomid() in sys/netinet/ip_id.c.
+ */
if (rflag) {
- int y;
- char *c;
-
- for (x = 0; x <= (hi - lo); x++) {
- y = (arc4random() & 0xFFFF) % (hi - lo);
- c = portlist[x];
- portlist[x] = portlist[y];
- portlist[y] = c;
+ for (x = 0; x <= hi - lo; x++) {
+ cp = arc4random_uniform(x + 1);
+ portlist[x] = portlist[cp];
+ if (asprintf(&portlist[cp], "%d", x + lo) < 0)
+ err(1, "asprintf");
+ }
+ } else { /* Load ports sequentially. */
+ for (cp = lo; cp <= hi; cp++) {
+ if (asprintf(&portlist[x], "%d", cp) < 0)
+ err(1, "asprintf");
+ x++;
}
}
} else {
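Review bot: The `rflag` loop is hard to verify at a glance because `cp`, which is the port number in the sequential branch, is reused as the random slot index, and the comment does not say why `portlist[x] = portlist[cp]` must come before the `asprintf`. I would add a line above the copy such as `/* move the string in slot cp to the new slot x, then store port x + lo in slot cp */` so that nobody reorders the two statements and leaks or duplicates a pointer. When `cp == x` the copy is a self-assignment of a still-empty slot that the `asprintf` fills right after, so that case is fine. The bounds on `lo` and `hi`, the size of `portlist` and the initial value of `x` used by the sequential branch are all set outside this hunk, since build_ports starts and ends outside it, and should be confirmed there.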