We don't need cryptographic-strength randomness here. Try /dev/urandom

first, then /dev/random, then fall back to pid and time.  Using an
uninitialized stack variable as seed is just silly, and Coverity rightly
complains about it (CID#19)

git-svn-id: svn+ssh://projects.linpro.no/svn/varnish/trunk@2528 d4fa192b-c00b-0410-8231-f00ffab90ce4

diff --git a/varnish-cache/lib/libvarnishcompat/srandomdev.c b/varnish-cache/lib/libvarnishcompat/srandomdev.c
index b1d3ecc99aba7576bd6b0bc2da399c06cba4ba3a..78530b566ef793767374330486811e04ccfcf1ff 100644 (file)
--- a/varnish-cache/lib/libvarnishcompat/srandomdev.c
+++ b/varnish-cache/lib/libvarnishcompat/srandomdev.c
@@ -49,13 +49,13 @@ srandomdev(void)
        unsigned int seed;
        int fd;
 
-       if ((fd = open("/dev/random", O_RDONLY)) >= 0) {
+       if ((fd = open("/dev/urandom", O_RDONLY)) >= 0 ||
+           (fd = open("/dev/random", O_RDONLY)) >= 0) {
                read(fd, &seed, sizeof seed);
                close(fd);
        } else {
                gettimeofday(&tv, NULL);
-               /* NOTE: intentional use of uninitialized variable */
-               seed ^= (getpid() << 16) ^ tv.tv_sec ^ tv.tv_usec;
+               seed = (getpid() << 16) ^ tv.tv_sec ^ tv.tv_usec;
        }
        srandom(seed);
 }