Expose nbase's get_random_bytes as an alternative random source for NSE, via rand.random_string

2025-12-06 04:31:29 +00:00 · 2018-10-17 00:30:15 +00:00
parent 73715b15b5
commit 37384c2225
2 changed files with 32 additions and 7 deletions
--- a/nse_nmaplib.cc
+++ b/nse_nmaplib.cc
@@ -16,6 +16,7 @@
 #include "osscan.h"
 #include "protocols.h"
 #include "libnetutil/netutil.h"
+#include <nbase.h>

 #include "nse_nmaplib.h"
 #include "nse_utility.h"
@@ -961,6 +962,28 @@ static int l_get_payload_length(lua_State *L)
  return 1;
 }

+/* Get a string of pseudorandom bytes. See nbase's get_random_bytes for details */
+static int l_get_random_bytes(lua_State *L)
+{
+  luaL_Buffer b;
+  int numbytes;
+  char *buf;
+  numbytes = luaL_checkinteger(L, 1);
+  if (numbytes < 0)
+    return luaL_error(L, "Invalid length argument to get_random_bytes.");
+  else if (numbytes == 0) {
+    lua_pushliteral(L, "");
+  }
+  else {
+    buf = luaL_buffinitsize(L, &b, (size_t) numbytes);
+    if (get_random_bytes(buf, numbytes) != 0) {
+      return luaL_error(L, "Error in nbase's get_random_bytes.");
+    }
+    luaL_pushresultsize(&b, (size_t) numbytes);
+  }
+  return 1;
+}
+
 int luaopen_nmap (lua_State *L)
 {
  static const luaL_Reg nmaplib [] = {
@@ -989,6 +1012,7 @@ int luaopen_nmap (lua_State *L)
    {"list_interfaces", l_list_interfaces},
    {"get_ttl", l_get_ttl},
    {"get_payload_length",l_get_payload_length},
+    {"get_random_bytes", l_get_random_bytes},
    {"new_dnet", nseU_placeholder}, /* imported from nmap.dnet */
    {"get_interface_info", nseU_placeholder}, /* imported from nmap.dnet */
    {"new_socket", nseU_placeholder}, /* imported from nmap.socket */
--- a/nselib/rand.lua
+++ b/nselib/rand.lua
@@ -24,6 +24,13 @@ local concat = table.concat
 local type = type
 local _ENV = {}

+local get_random_bytes
+if have_openssl then
+  get_random_bytes = openssl.rand_pseudo_bytes
+else
+  get_random_bytes = require "nmap".get_random_bytes
+end
+
 --- Generate a random string.
 --
 -- You can either provide your own charset or the function will generate random
@@ -46,13 +53,7 @@ random_string = function(len, charset)
      end
    end
  else
-    if have_openssl then
-      return openssl.rand_pseudo_bytes(len)
-    else
-      for i=1,len do
-        t[i]=char(random(0 ,0xff))
-      end
-    end
+    return get_random_bytes(len)
  end
  return concat(t)
 end