Skip to content

Commit

Permalink
Merge pull request socketio#857 from martinthomson/bug/856
Browse files Browse the repository at this point in the history
Fix for ID generation vulnerability socketio#856
  • Loading branch information
rauchg committed Apr 26, 2012
2 parents fe6dd87 + aaad106 commit de1afe1
Showing 1 changed file with 15 additions and 2 deletions.
17 changes: 15 additions & 2 deletions lib/manager.js
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@
var fs = require('fs')
, url = require('url')
, tty = require('tty')
, crypto = require('crypto')
, util = require('./util')
, store = require('./store')
, client = require('socket.io-client')
Expand Down Expand Up @@ -139,6 +140,8 @@ function Manager (server, options) {
self.emit('connection', conn);
});

this.sequenceNumber = Date.now() | 0;

this.log.info('socket.io started');
};

Expand Down Expand Up @@ -703,8 +706,18 @@ Manager.prototype.handleClient = function (data, req) {
*/

Manager.prototype.generateId = function () {
return Math.abs(Math.random() * Math.random() * Date.now() | 0).toString()
+ Math.abs(Math.random() * Math.random() * Date.now() | 0).toString();
var rand = new Buffer(15); // multiple of 3 for base64
this.sequenceNumber = (this.sequenceNumber + 1) | 0;
rand.writeInt32BE(this.sequenceNumber, 11);
if (crypto.randomBytes) {
crypto.randomBytes(12).copy(rand);
} else {
// not secure for node 0.4
[0, 4, 8].forEach(function(i) {
rand.writeInt32BE(Math.random() * Math.pow(2, 32) | 0, i);
});
}
return rand.toString('base64').replace(/\//g, '_').replace(/\+/g, '-');
};

/**
Expand Down

0 comments on commit de1afe1

Please sign in to comment.