It's insecure to use uninitialized memory as an entropy source. See
authorMASM fan <masmfan@gmail.com>
Tue, 23 Dec 2014 21:34:09 +0000 (13:34 -0800)
committerMASM fan <masmfan@gmail.com>
Tue, 23 Dec 2014 21:34:09 +0000 (13:34 -0800)
https://www.securecoding.cert.org/confluence/display/seccode/EXP33-C.+Do+not+read+uninitialized+memory

for additional details.

src/stun.cpp

index 4bf2c94..1ab2bc7 100644 (file)
@@ -28,6 +28,8 @@
  * Of course all fields are in network format.
  */
 
+#define __STDC_LIMIT_MACROS
+
 #include <stdio.h>
 #include <stdint.h>
 #include <stdlib.h>
@@ -49,6 +51,9 @@
 
 #include "ministun.h"
 
+extern int GetRandInt(int nMax);
+extern uint64_t GetRand(uint64_t nMax);
+
 /*---------------------------------------------------------------------*/
 
 struct StunSrv {
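Review bot: The two `extern` prototypes for GetRandInt and GetRand are written by hand after `#include "ministun.h"` rather than taken from the header that owns them, so a later change to their return types would not be caught when this file is compiled. I would include that header here (its name is not visible in this hunk). If it is too heavy for this file, add a comment such as `/* keep in sync with the definitions of GetRand/GetRandInt */` above the declarations.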
@@ -334,10 +339,15 @@ static int stun_send(int s, struct sockaddr_in *dst, struct stun_header *resp)
 }
 
 /* helper function to generate a random request id */
-static uint64_t randfiller;
+static uint64_t randfiller = GetRand(UINT64_MAX);
 static void stun_req_id(struct stun_header *req)
 {
     const uint64_t *S_block = (const uint64_t *)StunSrvList;
+    req->id.id[0] = GetRandInt(INT_MAX);
+    req->id.id[1] = GetRandInt(INT_MAX);
+    req->id.id[2] = GetRandInt(INT_MAX);
+    req->id.id[3] = GetRandInt(INT_MAX);
+
     req->id.id[0] |= 0x55555555;
     req->id.id[1] &= 0x55555555;
     req->id.id[2] |= 0x55555555;
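Review bot: The four `GetRandInt(INT_MAX)` assignments leave the top bit of every `req->id.id[n]` word fixed at zero if GetRandInt returns a value in [0, nMax), as its `int` signature suggests, so each word starts with at most 31 unpredictable bits before the `0x55555555` masks on the following lines pin half of them. The request id is what lets the client match a response to its own request, so I would fill whole words, e.g. `uint64_t r = GetRand(UINT64_MAX); req->id.id[0] = (uint32_t)r; req->id.id[1] = (uint32_t)(r >> 32);` and the same for words 2 and 3. Separately, `static uint64_t randfiller = GetRand(UINT64_MAX);` now runs during static initialization, before main(), and whether the generator behind GetRand is ready at that point is not visible here; seeding it lazily on the first call to stun_req_id would avoid depending on initialization order. The body of stun_req_id continues past the end of the hunk, so later mixing with randfiller and S_block may change how many bits end up unpredictable.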