Veracode static analysis results

Ethan Blanton elb at
Sun Dec 30 14:41:07 EST 2012

Mark Doliner spake unto us the following wisdom:
> On Sat, Dec 29, 2012 at 5:35 PM, Ethan Blanton <elb at> wrote:
> > Neither rand() nor g_rand_int() uses /dev/random
> I didn't realize that.  How does the attached patch (against trunk)
> look?  I suppose I should wrap it in #ifdef DEV_RANDOM_EXISTS or some
> such.  Anyone think this should go into 2.x.y?  The code in question
> is called from two places:
> libpurple/proxy.c
> libpurple/protocols/simple/simple.c

Looks perfectly reasonable to me.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 482 bytes
Desc: Digital signature
URL: <>

More information about the security mailing list