From 03724d5eb1a6b769c7ebd53c313f7ca9325e1ea2 Mon Sep 17 00:00:00 2001
From: Nicola Murino <nicola.murino@gmail.com>
Date: Sat, 9 Nov 2024 15:55:18 +0100
Subject: [PATCH] remove fallback if rand.Reader fails

Failing to read from rand.Reader essentially can't happen, and if it
does is not possible to fallback securely, so just panic

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
---
 internal/util/util.go | 15 ++++-----------
 1 file changed, 4 insertions(+), 11 deletions(-)

diff --git a/internal/util/util.go b/internal/util/util.go
index b9677a70..e9eddb62 100644
--- a/internal/util/util.go
+++ b/internal/util/util.go
@@ -48,7 +48,6 @@ import (
 
 	"github.com/google/uuid"
 	"github.com/lithammer/shortuuid/v4"
-	"github.com/rs/xid"
 	"golang.org/x/crypto/ssh"
 
 	"github.com/drakkan/sftpgo/v2/internal/logger"
@@ -566,23 +565,17 @@ func createDirPathIfMissing(file string, perm os.FileMode) error {
 func GenerateRandomBytes(length int) []byte {
 	b := make([]byte, length)
 	_, err := io.ReadFull(rand.Reader, b)
-	if err == nil {
-		return b
+	if err != nil {
+		PanicOnError(fmt.Errorf("failed to read random data (see https://go.dev/issue/66821): %w", err))
 	}
-
-	b = xid.New().Bytes()
-	for len(b) < length {
-		b = append(b, xid.New().Bytes()...)
-	}
-
-	return b[:length]
+	return b
 }
 
 // GenerateUniqueID returns an unique ID
 func GenerateUniqueID() string {
 	u, err := uuid.NewRandom()
 	if err != nil {
-		return xid.New().String()
+		PanicOnError(fmt.Errorf("failed to read random data (see https://go.dev/issue/66821): %w", err))
 	}
 	return shortuuid.DefaultEncoder.Encode(u)
 }