From fa4559cba823e60dc795bdbab58d4c2b192f5ee6 Mon Sep 17 00:00:00 2001
From: Ilia Rostovtsev
Date: Fri, 20 Mar 2020 14:38:18 +0300
Subject: [PATCH] Add better alternative randomness and check for hex stricter
---
 miniserv.pl | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/miniserv.pl b/miniserv.pl
index 4b1f6b67e..a10544303 100755
--- a/miniserv.pl
+++ b/miniserv.pl
@@ -4034,7 +4034,7 @@ if (!$bad_urandom) {
 my $tmpsid;
 if (read(RANDOM, $tmpsid, 16) == 16) {
 $sid = lc(unpack('h*',$tmpsid));
- if (length($sid) < 32) {
+ if ($sid !~ /^[0-9a-fA-F]{32}+$/) {
 $sid = 'bad';
 }
 }
@@ -4043,8 +4043,10 @@ if (!$bad_urandom) {
 alarm(0);
 }
 if (!$sid && !$force_urandom) {
+ my $offset = int(rand(2048));
 my @charset = ('0' ..'9', 'a' .. 'f');
- $sid = join('', map { $charset[rand(@charset)] } 1 .. 32);
+ $sid = join('', map { $charset[rand(@charset)] } 1 .. 4096);
+ $sid = substr($sid, $offset, 32);
 }
 return $sid;
 }
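Review bot: The new pattern in the first hunk, `/^[0-9a-fA-F]{32}+$/`, is looser and harder to read than the check it is meant to express. `{32}+` parses as a possessive quantifier and reads like a typo, `$` still accepts a trailing newline, and `A-F` is redundant because `$sid` has just been passed through `lc()`. `if ($sid !~ /\A[0-9a-f]{32}\z/) {` states the contract exactly. Since `unpack('h*', ...)` over 16 bytes always yields 32 hex digits, this test guards only the format of the ID, not the quality of the bytes read from RANDOM; the enclosing sub begins outside the hunk.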
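Review bot: The fallback branch in the second hunk still derives the session ID entirely from Perl's built-in `rand()`, which is not a cryptographically secure generator. Generating 4096 characters and cutting a 32-character window at a `rand()`-chosen `$offset` adds no entropy, because the offset and the characters come from the same generator state. If `$sid` is used as a session identifier, as the name suggests, it would be safer for this branch to fail closed when the urandom read is unusable. At minimum the weakness should be documented in place, e.g. `# NOTE: rand() is not a CSPRNG; IDs produced by this fallback are weaker than the urandom path`. The sub starts outside the hunk, so how callers handle `'bad'` and `$force_urandom` cannot be checked from here.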