Veracode static analysis results
Mark Doliner
mark at kingant.net
Sun Dec 30 01:03:23 EST 2012
On Sat, Dec 29, 2012 at 5:35 PM, Ethan Blanton <elb at pidgin.im> wrote:
> Neither rand() nor g_rand_int() uses /dev/random
I didn't realize that. How does the attached patch (against trunk)
look? I suppose I should wrap it in #ifdef DEV_RANDOM_EXISTS or some
such. Anyone think this should go into 2.x.y? The code in question
is called from two places:
libpurple/proxy.c
libpurple/protocols/simple/simple.c
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ntlm_gensesskey_use_dev_random.diff
Type: application/octet-stream
Size: 957 bytes
Desc: not available
URL: <http://pidgin.im/cgi-bin/mailman/private/security/attachments/20121229/3f23213b/attachment.obj>
More information about the security
mailing list