The current implementation of the selection of a random sequence of
ports in nc -r suffers from modulo bias and a biased shuffling
procedure. Use arc4random_uniform() and the Fisher-Yates shuffle
instead.
Index: usr.bin/nc/netcat.c
===================================================================
RCS file: /cvs/src/usr.bin/nc/netcat.c,v
retrieving revision 1.144
diff -u -p -r1.144 netcat.c
--- usr.bin/nc/netcat.c 23 Nov 2015 01:23:56 -0000 1.144
+++ usr.bin/nc/netcat.c 6 Dec 2015 18:28:39 -0000
@@ -1303,8 +1303,8 @@ build_ports(char *p)
int y;
char *c;
- for (x = 0; x <= (hi - lo); x++) {
- y = (arc4random() & 0xFFFF) % (hi - lo);
+ for (x = hi - lo; x >= 1; x--) {
+ y = lo + arc4random_uniform(x + 1);
c = portlist[x];
portlist[x] = portlist[y];
portlist[y] = c;
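Review bot: the `lo +` offset in the new `y = lo + arc4random_uniform(x + 1);` line looks wrong for the index space the loop uses. x indexes portlist from zero (the new loop runs from `hi - lo` down to 1, and the removed loop ran from 0 to `hi - lo`), so a Fisher-Yates swap partner has to be drawn from [0, x]. With the offset, y falls in [lo, lo + x]. For any lo > 0 that never selects an index below lo as the partner, and it can select indices above `hi - lo`, outside the range being shuffled. Suggest `y = arc4random_uniform(x + 1);`, plus a one-line comment above the loop naming the algorithm so the descending bound and the `x + 1` are not "simplified" later.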