Veracode static analysis results

Mark Doliner mark at
Sun Dec 30 01:03:23 EST 2012

On Sat, Dec 29, 2012 at 5:35 PM, Ethan Blanton <elb at> wrote:
> Neither rand() nor g_rand_int() uses /dev/random

I didn't realize that.  How does the attached patch (against trunk)
look?  I suppose I should wrap it in #ifdef DEV_RANDOM_EXISTS or some
such.  Anyone think this should go into 2.x.y?  The code in question
is called from two places:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ntlm_gensesskey_use_dev_random.diff
Type: application/octet-stream
Size: 957 bytes
Desc: not available
URL: <>

More information about the security mailing list