Set the math.randomseed value in nse_main.lua on behalf of scripts.

Since Lua uses the C rand and srand functions, which have a static seed for the entire program, we don't want scripts doing this themselves.
2025-12-07 21:21:31 +00:00 · 2011-05-23 21:43:46 +00:00
parent b9a4c703b3
commit 5a68e5f04a
12 changed files with 9 additions and 41 deletions
--- a/nse_main.lua
+++ b/nse_main.lua
@@ -96,6 +96,12 @@ local open = io.open;
 local math = require "math";
 local max = math.max;

+-- Due to heap randomization (on most Operating Systems), we can use a
+-- Lua function address as a good seed for the C srand function. If there
+-- is no heap randomization, it's still a decently random integer; that is,
+-- it's no better or worse than os.time().
+math.randomseed(tonumber(tostring(function() end):match("function: (0x%x+)")));
+
 local package = require "package";

 local string = require "string";
--- a/nselib/mssql.lua
+++ b/nselib/mssql.lua
@@ -1691,11 +1691,6 @@ TDSStream = {
 			self._socket:set_timeout( MSSQL_TIMEOUT * 1000 )
 	
 			status, _, lport, _, _ = self._socket:get_info()
-			if ( status ) then
-				math.randomseed(os.time() * lport )
-			else
-				math.randomseed(os.time() )
-			end
 		end
 		
 		if ( not(status) ) then
--- a/nselib/rpc.lua
+++ b/nselib/rpc.lua
@@ -120,8 +120,6 @@ RPC_version = {
    ["mountd"] = { min=1, max=3 },
 }

-math.randomseed( os.time() )
-
 -- Low-level communication class
 Comm = {

--- a/nselib/sip.lua
+++ b/nselib/sip.lua
@@ -683,13 +683,6 @@ Util = {

 		local str = ""

-		-- Seed the random number, if we haven't already
-		if (not(nmap.registry.sip) or not(nmap.registry.sip.seeded)) then
-			math.randomseed(os.time())
-			nmap.registry.sip = {}
-			nmap.registry.sip.seeded = true
-		end
-
 		for i = 1, length, 1 do
 			local random = math.random(#set)
 			str = str .. string.sub(set, random, random)
--- a/nselib/tns.lua
+++ b/nselib/tns.lua
@@ -86,9 +86,6 @@ local HAVE_SSL = false

 if pcall(require,'openssl') then
  HAVE_SSL = true
-  math.randomseed( select(2, bin.unpack(">L", openssl.rand_bytes(8))))
-else
-  math.randomseed( os.time() )
 end


--- a/scripts/dhcp-discover.nse
+++ b/scripts/dhcp-discover.nse
@@ -82,9 +82,6 @@ end
 --end

 local function go(host, port)
-	-- We're going to need some low quality random numbers
-	math.randomseed(os.time())
-
 	-- Set up a fake host for prerule
 	if(not(host)) then
 		host = {}
--- a/scripts/dns-fuzz.nse
+++ b/scripts/dns-fuzz.nse
@@ -280,7 +280,6 @@ function corruptAndSend (host, port, query)
 end

 action = function(host, port)
-     math.randomseed(os.time())
     local endT
     local timelimit, err
     local retStr
--- a/scripts/nping-brute.nse
+++ b/scripts/nping-brute.nse
@@ -180,7 +180,6 @@ Driver =
 }

 action = function(host, port)
-	math.randomseed(nmap.clock())
 	local engine = brute.Engine:new(Driver, host, port)
 	engine.options.firstonly = true
 	engine.options:setOption("passonly", true)
--- a/scripts/oracle-enum-users.nse
+++ b/scripts/oracle-enum-users.nse
@@ -79,13 +79,6 @@ local function get_random_string(length, set)

 	local str = ""

-	-- Seed the random number, if we haven't already
-	if (not(nmap.registry.oracle_enum_users) or not(nmap.registry.oracle_enum_users.seeded)) then
-		math.randomseed(os.time())
-		nmap.registry.oracle_enum_users = {}
-		nmap.registry.oracle_enum_users.seeded = true
-	end
-
 	for i = 1, length, 1 do
 		local random = math.random(#set)
 		str = str .. string.sub(set, random, random)
--- a/scripts/sip-brute.nse
+++ b/scripts/sip-brute.nse
@@ -73,7 +73,6 @@ Driver = {
 -- was successful which makes it impossible to tell successfull logins
 -- from non-existing accounts apart.
 local function checkBadUser(host, port)
-	math.randomseed( os.time() )
 	local user = "baduser-" .. math.random(10000)
 	local pass = "badpass-" .. math.random(10000)
 	local helper = sip.Helper:new(host, port, { expires = 0 })
--- a/scripts/smb-brute.nse
+++ b/scripts/smb-brute.nse
@@ -172,13 +172,6 @@ local function get_random_string(length, set)

 	local str = ""

-	-- Seed the random number, if we haven't already
-	if not nmap.registry.smbbrute or not nmap.registry.smbbrute.seeded then
-		math.randomseed(os.time())
-		nmap.registry.smbbrute = {}
-		nmap.registry.smbbrute.seeded = true
-	end
-
 	for i = 1, length, 1 do
 		local random = math.random(#set)
 		str = str .. string.sub(set, random, random)
--- a/scripts/smb-psexec.nse
+++ b/scripts/smb-psexec.nse
@@ -693,7 +693,6 @@ local function get_config(host, config)
 	elseif(nmap.registry.args.key) then
 		config.key = nmap.registry.args.key
 	else
-		math.randomseed( os.time() )
 		config.key = ""
 		for i = 1, 127, 1 do
 			config.key = config.key .. string.char(math.random(0x20, 0x7F))