github/rclone
1
Fork 0
mirror of https://github.com/rclone/rclone synced 2025-01-10 13:06:26 +01:00
Code Releases Activity

random: stop using deprecated rand.Seed in go1.20 and later

Browse Source
This commit is contained in:
Nick Craig-Wood 2023-11-24 10:05:53 +00:00
parent 5d5473c8a5
commit 94ccc95515
3 changed files with 46 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
lib/random/random.go
View File

@ -67,19 +67,3 @@ func Password(bits int) (password string, err error) {
password = base64.RawURLEncoding.EncodeToString(pw) password = base64.RawURLEncoding.EncodeToString(pw)
return password, nil return password, nil
} }
// Seed the global math/rand with crypto strong data
//
// This doesn't make it OK to use math/rand in crypto sensitive
// environments - don't do that! However it does help to mitigate the
// problem if that happens accidentally. This would have helped with
// CVE-2020-28924 - #4783
func Seed() error {
var seed int64
err := binary.Read(cryptorand.Reader, binary.LittleEndian, &seed)
if err != nil {
return fmt.Errorf("failed to read random seed: %w", err)
}
mathrand.Seed(seed)
return nil
}

17
lib/random/random_seed.go Normal file
View File

@ -0,0 +1,17 @@
//go:build go1.20
package random
// Seed the global math/rand with crypto strong data
//
// This doesn't make it OK to use math/rand in crypto sensitive
// environments - don't do that! However it does help to mitigate the
// problem if that happens accidentally. This would have helped with
// CVE-2020-28924 - #4783
//
// As of Go 1.20 there is no reason to call math/rand.Seed with a
// random value as it is self seeded to a random 64 bit number so this
// does nothing.
func Seed() error {
return nil
}

29
lib/random/random_seed_old.go Normal file
View File

@ -0,0 +1,29 @@
//go:build !go1.20
package random
import (
cryptorand "crypto/rand"
"encoding/binary"
"fmt"
mathrand "math/rand"
)
// Seed the global math/rand with crypto strong data
//
// This doesn't make it OK to use math/rand in crypto sensitive
// environments - don't do that! However it does help to mitigate the
// problem if that happens accidentally. This would have helped with
// CVE-2020-28924 - #4783
//
// As of Go 1.20 there is no reason to call math/rand.Seed with a
// random value as it is self seeded to a random 64 bit number.
func Seed() error {
var seed int64
err := binary.Read(cryptorand.Reader, binary.LittleEndian, &seed)
if err != nil {
return fmt.Errorf("failed to read random seed: %w", err)
}
mathrand.Seed(seed)
return nil
}