Veracode static analysis results

Mark Doliner mark at kingant.net
Sun Dec 30 01:03:23 EST 2012


On Sat, Dec 29, 2012 at 5:35 PM, Ethan Blanton <elb at pidgin.im> wrote:
> Neither rand() nor g_rand_int() uses /dev/random

I didn't realize that.  How does the attached patch (against trunk)
look?  I suppose I should wrap it in #ifdef DEV_RANDOM_EXISTS or some
such.  Anyone think this should go into 2.x.y?  The code in question
is called from two places:
libpurple/proxy.c
libpurple/protocols/simple/simple.c
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ntlm_gensesskey_use_dev_random.diff
Type: application/octet-stream
Size: 957 bytes
Desc: not available
URL: <http://pidgin.im/cgi-bin/mailman/private/security/attachments/20121229/3f23213b/attachment.obj>

