From: Alan T. DeKok <aland@freeradius.org>
Date: Wed, 3 Apr 2024 23:31:04 +0000 (-0400)
Subject: randomize the ID array.
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=dbe2f2fdf85a6acff229897107e8b5fbf4b95f3a;p=thirdparty%2Ffreeradius-server.git

randomize the ID array.

There's no reason to let observers know how many packets we've sent.
---

diff --git a/src/protocols/radius/id.c b/src/protocols/radius/id.c
index ed62088bee5..170d9d103bb 100644
--- a/src/protocols/radius/id.c
+++ b/src/protocols/radius/id.c
@@ -44,7 +44,7 @@ struct fr_radius_id_s {
  */
 fr_radius_id_t *fr_radius_id_alloc(TALLOC_CTX *ctx)
 {
-	int i;
+	uint32_t i;
 	fr_radius_id_t *track;
 
 	track = talloc_zero(ctx, fr_radius_id_t);
@@ -58,6 +58,28 @@ fr_radius_id_t *fr_radius_id_alloc(TALLOC_CTX *ctx)
 		track->free_ids[i] = i;
 	}
 
+	/*
+	 *	Shuffle the entirs using a Fisher-Yates shuffle.
+	 *
+	 *	We loop from i=255..1, choosing random numbers j, such that 0 <= j <= i
+	 *	And then swap a[j],a[i]
+	 *
+	 *	We choose a 32-bit random number, and then take the modulo of that and i+1.  Which means that
+	 *	the resulting random number j is [0..i], whereas taking the modulo with i, then the random
+	 *	number j will instead be chosen to be [0..i)
+	 */
+	for (i = 255; i >= 1; i--) {
+		uint32_t j = fr_rand() % (i + 1); /* small bias, but we don't care much */
+		int tmp;
+
+		if (j == i) continue;
+
+		tmp = track->free_ids[j];
+		track->free_ids[j] = track->free_ids[i];
+		track->free_ids[i] = tmp;
+	}
+
+
 	return track;
 }