Veracode static analysis results

Ethan Blanton elb at pidgin.im
Sun Dec 30 14:41:07 EST 2012


Mark Doliner spake unto us the following wisdom:
> On Sat, Dec 29, 2012 at 5:35 PM, Ethan Blanton <elb at pidgin.im> wrote:
> > Neither rand() nor g_rand_int() uses /dev/random
> 
> I didn't realize that.  How does the attached patch (against trunk)
> look?  I suppose I should wrap it in #ifdef DEV_RANDOM_EXISTS or some
> such.  Anyone think this should go into 2.x.y?  The code in question
> is called from two places:
> libpurple/proxy.c
> libpurple/protocols/simple/simple.c

Looks perfectly reasonable to me.

Ethan