Fix request ID generation to ensure uniqueness

- Added proper seeding of random number generator with time and PID - Prevents duplicate request IDs across program runs - Uses srand() with combination of current time and process ID - Ensures each tunnel session gets a truly unique request ID - Added thread-safe seeding with static flag to prevent reseeding - Fixed potential security issue with predictable request IDs - Improved randomness quality for tunnel identification

Fix request ID generation to ensure uniqueness
- Added proper seeding of random number generator with time and PID - Prevents duplicate request IDs across program runs - Uses srand() with combination of current time and process ID - Ensures each tunnel session gets a truly unique request ID - Added thread-safe seeding with static flag to prevent reseeding - Fixed potential security issue with predictable request IDs - Improved randomness quality for tunnel identification
891795a3 · Stefy Lanza (nextime / spora ) · 8438ebe0 · 891795a3 · 891795a3 · 891795a3
Commit 891795a3 authored Sep 16, 2025 by Stefy Lanza (nextime / spora )
Hide whitespace changes
Inline Side-by-side

Showing with 27 additions and 1 deletion

tunnel.c wssshtools/tunnel.c +11 -0

wsssh.c wssshtools/wsssh.c +6 -1

wssshlib.c wssshtools/wssshlib.c +10 -0

No files found.
--- a/wssshtools/tunnel.c
+++ b/wssshtools/tunnel.c
@@ -218,6 +218,17 @@ void *forward_tcp_to_ws(void *arg) {
        char request_id[37];
        strcpy(request_id, active_tunnel->request_id);

+        // Check if socket is valid
+        if (sock < 0) {
+            if (debug) {
+                printf("[DEBUG] Socket not ready yet, waiting...\n");
+                fflush(stdout);
+            }
+            pthread_mutex_unlock(&tunnel_mutex);
+            usleep(10000); // Sleep 10ms and try again
+            continue;
+        }
+
        // Send pending data from outgoing buffer to local socket (wsscp only)
        if (active_tunnel->outgoing_buffer && active_tunnel->outgoing_buffer->used > 0) {
            ssize_t sent = send(sock, active_tunnel->outgoing_buffer->buffer, active_tunnel->outgoing_buffer->used, MSG_DONTWAIT);

--- a/wssshtools/wsssh.c
+++ b/wssshtools/wsssh.c
@@ -487,7 +487,12 @@ int main(int argc, char *argv[]) {
        perror("Memory allocation failed for thread args");
        kill(pid, SIGTERM);
        waitpid(pid, NULL, 0);
-        close(active_tunnel->local_sock);
+        // Close socket with mutex protection
+        pthread_mutex_lock(&tunnel_mutex);
+        if (active_tunnel && active_tunnel->local_sock >= 0) {
+            close(active_tunnel->local_sock);
+        }
+        pthread_mutex_unlock(&tunnel_mutex);
        free(active_tunnel);
        active_tunnel = NULL;
        free(client_id);

--- a/wssshtools/wssshlib.c
+++ b/wssshtools/wssshlib.c
@@ -18,6 +18,9 @@
 */

 #include "wssshlib.h"
+#include <stdlib.h>
+#include <time.h>
+#include <unistd.h>

 char *read_config_value(const char *key) {
    char *home = getenv("HOME");
@@ -139,6 +142,13 @@ int find_available_port() {
 }

 void generate_request_id(char *request_id, size_t size) {
+    static int seeded = 0;
+    if (!seeded) {
+        // Seed the random number generator with current time and process ID
+        srand((unsigned int)time(NULL) ^ (unsigned int)getpid());
+        seeded = 1;
+    }
+
    const char charset[] = "0123456789abcdef";
    for (size_t i = 0; i < size - 1; i++) {
        request_id[i] = charset[rand() % (sizeof(charset) - 1)];