From 221c2b7d4a177530c113cbf62470705c3044a84c Mon Sep 17 00:00:00 2001
From: =?utf8?q?Paul=20H=C3=A4nsch?= <paul@plutz.net>
Date: Wed, 17 Jun 2026 18:28:43 +0200
Subject: [PATCH] avoid null characters in server secret, remove debug output

---
 session.sh | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/session.sh b/session.sh
index c3a44e8..a29cbf4 100755
--- a/session.sh
+++ b/session.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 
-# Copyright 2018 - 2022 Paul Hänsch
+# Copyright 2018 - 2022, 2026 Paul Hänsch
 # 
 # Permission to use, copy, modify, and/or distribute this software for any
 # purpose with or without fee is hereby granted, provided that the above
@@ -45,7 +45,8 @@ fi
 server_key(){
   IDFILE="${IDFILE:-${_DATA:-.}/serverkey}"
   if [ "$(stat -c %s "$IDFILE")" -ne 512 ] || ! cat "$IDFILE"; then
-    dd count=1 bs=512 if=/dev/urandom \
+    tr -d \\0 </dev/urandom \
+    | dd count=1 bs=512 \
     | tee "$IDFILE"
   fi 2>&-
 }
@@ -116,7 +117,7 @@ update_session(){
 new_session(){
   local sid time sig
 
-  debug "Setting up new session"
+  # debug "Setting up new session"
   sid="$(randomid)"
   time=$(( $_DATE + $SESSION_TIMEOUT ))
   sig="$(session_mac "$sid" "$time")"
-- 
2.47.3