On Sun, Dec 06, 2015 at 07:37:27PM +0100, Theo Buehler wrote:
> The current implementation of the selection of a random sequence of
> ports in nc -r suffers from modulo bias and a biased shuffling
> procedure. Use arc4random_uniform() and the Fisher-Yates shuffle
> instead.
Sorry, I attached the wrong patch.
Index: usr.bin/nc/netcat.c
===================================================================
RCS file: /cvs/src/usr.bin/nc/netcat.c,v
retrieving revision 1.144
diff -u -p -r1.144 netcat.c
--- usr.bin/nc/netcat.c 23 Nov 2015 01:23:56 -0000 1.144
+++ usr.bin/nc/netcat.c 6 Dec 2015 18:46:42 -0000
@@ -1303,8 +1303,8 @@ build_ports(char *p)
int y;
char *c;
- for (x = 0; x <= (hi - lo); x++) {
- y = (arc4random() & 0xFFFF) % (hi - lo);
+ for (x = hi - lo; x >= 1; x--) {
+ y = arc4random_uniform(x + 1);
c = portlist[x];
portlist[x] = portlist[y];
portlist[y] = c;
