Use crypto/rand to seed math/rand instead of using the default seed

miekg · Jun 4, 2016 · 6b9ea18 · 6b9ea18
1 parent cbeae15
commit 6b9ea18
Showing 1 changed file with 15 additions and 2 deletions.
diff --git a/msg.go b/msg.go
@@ -11,15 +11,28 @@ package dns
 //go:generate go run msg_generate.go
 
 import (
+	crand "crypto/rand"
+	"encoding/binary"
 	"encoding/hex"
+	"math"
 	"math/big"
 	"math/rand"
 	"net"
 	"reflect"
 	"strconv"
-	"time"
 )
 
+func init() {
+	// Initialize default math/rand source using crypto/rand to provide better
+	// security without the performance trade-off.
+	buf := make([]byte, 8)
+	_, err := crand.Read(buf)
+	if err != nil {
+		panic(err)
+	}
+	rand.Seed(int64(binary.BigEndian.Uint64(buf) % math.MaxInt64))
+}
+
 const maxCompressionOffset = 2 << 13 // We have 14 bits for the compression pointer
 
 var (
@@ -1911,7 +1924,7 @@ func compressionLenSearchType(c map[string]int, r RR) (int, bool) {
 // id returns a 16 bits random number to be used as a
 // message id. The random provided should be good enough.
 func id() uint16 {
-	return uint16(rand.Int()) ^ uint16(time.Now().Nanosecond())
+	return uint16(rand.Uint32() % math.MaxUint16)
 }
 
 // Copy returns a new RR which is a deep-copy of r.