From: des <des@d4fa192b-c00b-0410-8231-f00ffab90ce4>
Date: Thu, 21 Feb 2008 21:14:57 +0000 (+0000)
Subject: We don't need cryptographic-strength randomness here.  Try /dev/urandom
X-Git-Url: https://err.no/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=caad8eaa6338f7120424719cdcd014d43e3bc21f;p=varnish

We don't need cryptographic-strength randomness here.  Try /dev/urandom
first, then /dev/random, then fall back to pid and time.  Using an
uninitialized stack variable as seed is just silly, and Coverity rightly
complains about it (CID#19)


git-svn-id: svn+ssh://projects.linpro.no/svn/varnish/trunk@2528 d4fa192b-c00b-0410-8231-f00ffab90ce4
---

diff --git a/varnish-cache/lib/libvarnishcompat/srandomdev.c b/varnish-cache/lib/libvarnishcompat/srandomdev.c
index b1d3ecc9..78530b56 100644
--- a/varnish-cache/lib/libvarnishcompat/srandomdev.c
+++ b/varnish-cache/lib/libvarnishcompat/srandomdev.c
@@ -49,13 +49,13 @@ srandomdev(void)
 	unsigned int seed;
 	int fd;
 
-	if ((fd = open("/dev/random", O_RDONLY)) >= 0) {
+	if ((fd = open("/dev/urandom", O_RDONLY)) >= 0 ||
+	    (fd = open("/dev/random", O_RDONLY)) >= 0) {
 		read(fd, &seed, sizeof seed);
 		close(fd);
 	} else {
 		gettimeofday(&tv, NULL);
-		/* NOTE: intentional use of uninitialized variable */
-		seed ^= (getpid() << 16) ^ tv.tv_sec ^ tv.tv_usec;
+		seed = (getpid() << 16) ^ tv.tv_sec ^ tv.tv_usec;
 	}
 	srandom(seed);
 }