Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: [Bug]? -iR <num_hosts> on windows XP generates duplicate targets
From: jah <jah () zadkiel plus com>
Date: Thu, 24 Apr 2008 03:45:55 +0100

On 24/04/2008 02:54, Brandon Enright wrote:
The problem here is that the rng is being seeded with time every time it
is called.  Time is pretty biased and will generate a collision which
will create a cycle in the prng (calls to rand()).
So this probably explains why I didn't see the issue whilst stepping
through the code as much time passes between seedings whereas in
realtime, it's probably only microseconds.

The solution to this is to drop the re-seeding code starting at line
184 of nbase/nbase_rng.cc (it is redundant and done in main.cc).
142 of nbase_rnd.c you mean?  If so, patch attached.  I've taken the
liberty of removing the badrandomwarning stuff too  - Kris K has already
submitted a patch for this entire issue...
http://seclists.org/nmap-dev/2006/q3/0240.html

So, nice work Brandon and, retrospectively, to Kris!

regards,

jah
--- nbase_rnd.c.orig    Mon Mar  3 15:21:50 2008
+++ nbase_rnd.c Thu Apr 24 03:24:49 2008
@@ -109,11 +109,9 @@
 
 int get_random_bytes(void *buf, int numbytes) {
   static char bytebuf[2048];
-  static char badrandomwarning = 0;
   static int bytesleft = 0;
   int tmp;
   int res;
-  struct timeval tv;
   FILE *fp = NULL;
   unsigned int i;
   short *iptr;
@@ -134,15 +132,6 @@
       bytesleft = sizeof(bytebuf);
     }
     if (!fp) {  
-      if (badrandomwarning == 0) {
-       badrandomwarning++;
-       /*      error("WARNING: your system apparently does not offer /dev/urandom or /dev/random.  Reverting to less 
secure version."); */
-       
-       /* Seed our random generator */
-       gettimeofday(&tv, NULL);
-       srand((tv.tv_sec ^ tv.tv_usec) ^ getpid());
-      }
-      
       for(i=0; i < sizeof(bytebuf) / sizeof(short); i++) {
        iptr = (short *) ((char *)bytebuf + i * sizeof(short));
        *iptr = rand();

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault