Just a bit of security hygiene. (#4313)

* Make sure to call randomSeed() on esp32 * Randomize the top 22 bits of the Message ID * Make it clear that we are not calling randomSeed() on purpose --------- Co-authored-by: Ben Meadors <benmmeadors@gmail.com>
2025-12-20 01:32:40 +00:00 · 2024-07-23 11:52:14 -05:00
parent e27375d331
commit 300c3d32aa
2 changed files with 12 additions and 7 deletions
--- a/src/mesh/Router.cpp
+++ b/src/mesh/Router.cpp
@@ -92,22 +92,23 @@ void Router::enqueueReceivedMessage(meshtastic_MeshPacket *p)
 // FIXME, move this someplace better
 PacketId generatePacketId()
 {
-    static uint32_t i; // Note: trying to keep this in noinit didn't help for working across reboots
+    static uint32_t rollingPacketId; // Note: trying to keep this in noinit didn't help for working across reboots
    static bool didInit = false;

-    uint32_t numPacketId = UINT32_MAX;
-
    if (!didInit) {
        didInit = true;

        // pick a random initial sequence number at boot (to prevent repeated reboots always starting at 0)
        // Note: we mask the high order bit to ensure that we never pass a 'negative' number to random
-        i = random(numPacketId & 0x7fffffff);
-        LOG_DEBUG("Initial packet id %u, numPacketId %u\n", i, numPacketId);
+        rollingPacketId = random(UINT32_MAX & 0x7fffffff);
+        LOG_DEBUG("Initial packet id %u\n", rollingPacketId);
    }

-    i++;
-    PacketId id = (i % numPacketId) + 1; // return number between 1 and numPacketId (ie - never zero)
+    rollingPacketId++;
+
+    rollingPacketId &= UINT32_MAX >> 22;                                   // Mask out the top 22 bits
+    PacketId id = rollingPacketId | random(UINT32_MAX & 0x7fffffff) << 10; // top 22 bits
+    LOG_DEBUG("Partially randomized packet id %u\n", id);
    return id;
 }