no more math random

mushorg · Feb 17, 2024 · c1204c6 · c1204c6
1 parent bf7c869
commit c1204c6
Show file tree

Hide file tree

Showing 4 changed files with 51 additions and 20 deletions.
diff --git a/protocols/tcp/smb/smb.go b/protocols/tcp/smb/smb.go
@@ -2,9 +2,10 @@ package smb
 
 import (
 	"bytes"
+	"crypto/rand"
 	"encoding/binary"
 	"errors"
-	"math/rand"
+	"math/big"
 	"time"
 
 	"github.com/google/uuid"
@@ -87,9 +88,12 @@ func filetime(offset time.Duration) Filetime {
 	}
 }
 
-func random(min, max int) int {
-	rand.Seed(time.Now().Unix())
-	return rand.Intn(max-min) + min
+func random(min, max int) (int, error) {
+	rn, err := rand.Int(rand.Reader, big.NewInt(int64(max-min)))
+	if err != nil {
+		return 0, err
+	}
+	return int(rn.Int64()) + min, nil
 }
 
 func toBytes(smb interface{}) ([]byte, error) {
@@ -255,7 +259,11 @@ func MakeNegotiateProtocolResponse(header SMBHeader) (SMBHeader, []byte, error)
 	smb.MaxTransactSize = [4]byte{0x04, 0x11}
 	smb.MaxReadSize = [4]byte{0x00, 0x00, 0x01}
 	smb.SystemTime = filetime(0)
-	smb.ServerStartTime = filetime(time.Duration(random(1000, 2000)) * time.Hour)
+	randomTime, err := random(1000, 2000)
+	if err != nil {
+		return SMBHeader{}, nil, err
+	}
+	smb.ServerStartTime = filetime(time.Duration(randomTime) * time.Hour)
 
 	data, err := toBytes(smb)
 	return smb.Header, data, err

diff --git a/protocols/tcp/smtp.go b/protocols/tcp/smtp.go
@@ -3,9 +3,10 @@ package tcp
 import (
 	"bufio"
 	"context"
+	"crypto/rand"
 	"fmt"
 	"log/slog"
-	"math/rand"
+	"math/big"
 	"net"
 	"regexp"
 	"strings"
@@ -34,13 +35,15 @@ func (c *Client) read() (string, error) {
 	return c.bufin.ReadString('\n')
 }
 
-func rwait() {
-	// makes the process sleep for random time
-	rand.Seed(time.Now().Unix())
+func randomSleep() error {
 	// between 0.5 - 1.5 seconds
-	rtime := rand.Intn(1500) + 500
-	duration := time.Duration(rtime) * time.Millisecond
+	rtime, err := rand.Int(rand.Reader, big.NewInt(1500))
+	if err != nil {
+		return err
+	}
+	duration := time.Duration(rtime.Int64()+500) * time.Millisecond
 	time.Sleep(duration)
+	return nil
 }
 func validateMail(query string) bool {
 	email := regexp.MustCompile("^MAIL FROM:<.+@.+>$") // naive regex
@@ -64,7 +67,9 @@ func HandleSMTP(ctx context.Context, conn net.Conn, md connection.Metadata, logg
 		bufin:  bufio.NewReader(conn),
 		bufout: bufio.NewWriter(conn),
 	}
-	rwait()
+	if err := randomSleep(); err != nil {
+		return err
+	}
 	client.w("220 Welcome!")
 
 	for {
@@ -78,13 +83,19 @@ func HandleSMTP(ctx context.Context, conn net.Conn, md connection.Metadata, logg
 		query := strings.Trim(data, "\r\n")
 		logger.Info(fmt.Sprintf("[smtp    ] Payload : %q", query))
 		if strings.HasPrefix(query, "HELO ") {
-			rwait()
+			if err := randomSleep(); err != nil {
+				return err
+			}
 			client.w("250 Hello! Pleased to meet you.")
 		} else if validateMail(query) {
-			rwait()
+			if err := randomSleep(); err != nil {
+				return err
+			}
 			client.w("250 OK")
 		} else if validateRCPT(query) {
-			rwait()
+			if err := randomSleep(); err != nil {
+				return err
+			}
 			client.w("250 OK")
 		} else if strings.Compare(query, "DATA") == 0 {
 			client.w("354 End data with <CRLF>.<CRLF>")
@@ -104,7 +115,9 @@ func HandleSMTP(ctx context.Context, conn net.Conn, md connection.Metadata, logg
 					break
 				}
 			}
-			rwait()
+			if err := randomSleep(); err != nil {
+				return err
+			}
 			client.w("250 OK")
 		} else if strings.Compare(query, "QUIT") == 0 {
 			client.w("Bye")

diff --git a/protocols/tcp/tcp.go b/protocols/tcp/tcp.go
@@ -2,11 +2,12 @@ package tcp
 
 import (
 	"context"
+	"crypto/rand"
 	"crypto/sha256"
 	"encoding/hex"
 	"fmt"
 	"log/slog"
-	"math/rand"
+	"math/big"
 	"net"
 	"os"
 	"path/filepath"
@@ -52,7 +53,11 @@ func storePayload(data []byte) (string, error) {
 }
 
 func (s *tcpServer) sendRandom(conn net.Conn) error {
-	randomBytes := make([]byte, 12+rand.Intn(500))
+	randomInt, err := rand.Int(rand.Reader, big.NewInt(500))
+	if err != nil {
+		return err
+	}
+	randomBytes := make([]byte, 12+randomInt.Int64())
 	if _, err := rand.Read(randomBytes); err != nil {
 		return err
 	}

diff --git a/protocols/tcp/telnet.go b/protocols/tcp/telnet.go
@@ -3,13 +3,14 @@ package tcp
 import (
 	"bufio"
 	"context"
+	"crypto/rand"
 	"crypto/sha256"
 	"encoding/hex"
 	"errors"
 	"fmt"
 	"io"
 	"log/slog"
-	"math/rand"
+	"math/big"
 	"net"
 	"net/http"
 	"os"
@@ -211,7 +212,11 @@ func HandleTelnet(ctx context.Context, conn net.Conn, md connection.Metadata, lo
 			}
 
 			if resp := miraiCom[strings.TrimSpace(cmd)]; len(resp) > 0 {
-				if err := s.write(conn, resp[rand.Intn(len(resp))]+"\r\n"); err != nil {
+				n, err := rand.Int(rand.Reader, big.NewInt(int64(len(resp))))
+				if err != nil {
+					return err
+				}
+				if err := s.write(conn, resp[n.Int64()]+"\r\n"); err != nil {
 					return err
 				}
 			} else {