From aa95b502729fef26f2a96cee31c8e3deb0c8d69c Mon Sep 17 00:00:00 2001
From: Andy Wang
Date: Thu, 25 Mar 2021 20:05:32 +0000
Subject: [PATCH] Use CSPRNG to pick the next candidate of MockDomains
---
 cmd/ck-client/ck-client.go | 8 +++++---
 cmd/ck-client/protector_android.go | 1 +
 2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/cmd/ck-client/ck-client.go b/cmd/ck-client/ck-client.go
index 08282d5..38bf95d 100644
--- a/cmd/ck-client/ck-client.go
+++ b/cmd/ck-client/ck-client.go
@@ -8,7 +8,6 @@ import (
 "flag"
 "fmt"
 "github.com/cbeuw/Cloak/internal/common"
- "math/rand"
 "net"
 "os"
@@ -174,10 +173,13 @@ func main() {
 log.Infof("Listening on %v %v for %v client", network, localConfig.LocalAddr, authInfo.ProxyMethod)
 seshMaker = func() *mux.Session {
 authInfo := authInfo // copy the struct because we are overwriting SessionId
+
+ randByte := make([]byte, 1)
+ common.RandRead(authInfo.WorldState.Rand, randByte)
+ authInfo.MockDomain = localConfig.MockDomainList[int(randByte[0])%len(localConfig.MockDomainList)]
+
 // sessionID is usergenerated. There shouldn't be a security concern because the scope of
 // sessionID is limited to its UID.
-
- authInfo.MockDomain = localConfig.MockDomainList[rand.Intn(len(localConfig.MockDomainList))]
 quad := make([]byte, 4)
 common.RandRead(authInfo.WorldState.Rand, quad)
 authInfo.SessionId = binary.BigEndian.Uint32(quad)
diff --git a/cmd/ck-client/protector_android.go b/cmd/ck-client/protector_android.go
index 639b98c..fbaea7b 100644
--- a/cmd/ck-client/protector_android.go
+++ b/cmd/ck-client/protector_android.go
@@ -1,4 +1,5 @@
 // +build android
+
 package main
 // Stolen from https://github.com/shadowsocks/overture/blob/shadowsocks/core/utils/utils_android.go
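Review bot: The index `int(randByte[0])%len(localConfig.MockDomainList)` in the seshMaker closure is reduced from a single random byte, so entries past index 255 of MockDomainList can never be selected, and for any list length that does not divide 256 the earlier entries are chosen slightly more often than the later ones. Assuming WorldState.Rand satisfies io.Reader (its type is not visible in this hunk), crypto/rand's `rand.Int(authInfo.WorldState.Rand, big.NewInt(int64(len(localConfig.MockDomainList))))` yields a uniform index over the whole list and returns an error on a failed read. An empty MockDomainList still panics at this line, as it did with rand.Intn, so the list length should be checked where the config is loaded if that is not already done. The closure and main() both continue outside the hunk.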