CLEANUP: haterm: avoid static analyzer warnings about rand() use

Avoid warnings such as the following from Coverity:

CID 1645121: (#1 of 1): Calling risky function (DC.WEAK_CRYPTO)
dont_call: random should not be used for security-related applications,
because linear congruential algorithms are too easy to break.

Reported in GH #3283 and #3285
Frederic Lecaille 2026-02-23 10:39:59 +01:00
parent a5a053e612
commit bb3304c6af


@ -645,7 +645,7 @@ static void hstream_parse_uri(struct ist uri, struct hstream *hs)
} while (*next);
if (use_rand)
result = ((long long)random() * result) / ((long long)RAND_MAX + 1);
result = ((long long)ha_random64() * result) / ((long long)RAND_MAX + 1);
switch (*arg) {
case 's':
@ -1016,7 +1016,7 @@ static int hstream_build_responses(void)
}
for (i = 0; i < random_resp_len; i++)
random_resp[i] = rand() >> 16;
random_resp[i] = ha_random32() >> 16;
return 1;
}
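Review bot: In the first hunk (hstream_parse_uri) the new line keeps the divisor `(long long)RAND_MAX + 1` but no longer feeds it a value bounded by RAND_MAX, so the scaling into [0, result) is lost. Assuming ha_random64() returns a full-range 64-bit value, as its name suggests, the cast to `long long` can be negative and the multiplication by `result` can overflow a signed 64-bit integer, which is undefined behaviour. A bounded draw with a matching divisor keeps the original semantics, e.g. `result = ((long long)(ha_random32() >> 1) * result) / (1LL << 31);`. It would also help to add a comment such as `/* scale result uniformly into [0, result); not security-sensitive */`, so the choice of generator is not read as a cryptographic guarantee. The body of hstream_parse_uri starts and ends outside the hunk, so the type and range of `result` should be confirmed there.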