From caad8eaa6338f7120424719cdcd014d43e3bc21f Mon Sep 17 00:00:00 2001 From: des Date: Thu, 21 Feb 2008 21:14:57 +0000 Subject: [PATCH] We don't need cryptographic-strength randomness here. Try /dev/urandom first, then /dev/random, then fall back to pid and time. Using an uninitialized stack variable as seed is just silly, and Coverity rightly complains about it (CID#19) git-svn-id: svn+ssh://projects.linpro.no/svn/varnish/trunk@2528 d4fa192b-c00b-0410-8231-f00ffab90ce4 --- varnish-cache/lib/libvarnishcompat/srandomdev.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/varnish-cache/lib/libvarnishcompat/srandomdev.c b/varnish-cache/lib/libvarnishcompat/srandomdev.c index b1d3ecc9..78530b56 100644 --- a/varnish-cache/lib/libvarnishcompat/srandomdev.c +++ b/varnish-cache/lib/libvarnishcompat/srandomdev.c @@ -49,13 +49,13 @@ srandomdev(void) unsigned int seed; int fd; - if ((fd = open("/dev/random", O_RDONLY)) >= 0) { + if ((fd = open("/dev/urandom", O_RDONLY)) >= 0 || + (fd = open("/dev/random", O_RDONLY)) >= 0) { read(fd, &seed, sizeof seed); close(fd); } else { gettimeofday(&tv, NULL); - /* NOTE: intentional use of uninitialized variable */ - seed ^= (getpid() << 16) ^ tv.tv_sec ^ tv.tv_usec; + seed = (getpid() << 16) ^ tv.tv_sec ^ tv.tv_usec; } srandom(seed); } -- 2.39.5