From 85c3f6227b47407d55b7e88b8e0c66c01fd3cb0d Mon Sep 17 00:00:00 2001 From: Chocobo1 Date: Tue, 29 Jul 2025 17:07:02 +0800 Subject: [PATCH] WebUI: use secure random number generator for generating random port Cryptographically strong random number generators are generally preferred over others. --- src/webui/www/private/views/preferences.html | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/src/webui/www/private/views/preferences.html b/src/webui/www/private/views/preferences.html index 2c5bb2444..198cb5409 100644 --- a/src/webui/www/private/views/preferences.html +++ b/src/webui/www/private/views/preferences.html @@ -2127,9 +2127,11 @@ Use ';' to split multiple entries. Can use wildcard '*'.)QBT_TR[CONTEXT=OptionsD }; const generateRandomPort = () => { - const min = 1024; - const max = 65535; - const port = Math.floor(Math.random() * (max - min + 1) + min); + // don't use modulo operations to avoid 'modulo bias' + const buffer = new Uint16Array(1); + let port = crypto.getRandomValues(buffer)[0]; + while (port < 1024) + port = crypto.getRandomValues(buffer)[0]; document.getElementById("portValue").value = port; };