r2528 - trunk/varnish-cache/lib/libvarnishcompat
des at projects.linpro.no
des at projects.linpro.no
Thu Feb 21 22:14:58 CET 2008
Author: des
Date: 2008-02-21 22:14:57 +0100 (Thu, 21 Feb 2008)
New Revision: 2528
Modified:
trunk/varnish-cache/lib/libvarnishcompat/srandomdev.c
Log:
We don't need cryptographic-strength randomness here. Try /dev/urandom
first, then /dev/random, then fall back to pid and time. Using an
uninitialized stack variable as seed is just silly, and Coverity rightly
complains about it (CID#19)
Modified: trunk/varnish-cache/lib/libvarnishcompat/srandomdev.c
===================================================================
--- trunk/varnish-cache/lib/libvarnishcompat/srandomdev.c 2008-02-21 20:55:08 UTC (rev 2527)
+++ trunk/varnish-cache/lib/libvarnishcompat/srandomdev.c 2008-02-21 21:14:57 UTC (rev 2528)
@@ -49,13 +49,13 @@
unsigned int seed;
int fd;
- if ((fd = open("/dev/random", O_RDONLY)) >= 0) {
+ if ((fd = open("/dev/urandom", O_RDONLY)) >= 0 ||
+ (fd = open("/dev/random", O_RDONLY)) >= 0) {
read(fd, &seed, sizeof seed);
close(fd);
} else {
gettimeofday(&tv, NULL);
- /* NOTE: intentional use of uninitialized variable */
- seed ^= (getpid() << 16) ^ tv.tv_sec ^ tv.tv_usec;
+ seed = (getpid() << 16) ^ tv.tv_sec ^ tv.tv_usec;
}
srandom(seed);
}
More information about the varnish-commit
mailing list