cups/http.c uses &data instead of data for RAND_seed #3079

Closed
michaelrsweet opened this Issue Jan 29, 2009 · 3 comments

Comments

Projects
None yet
1 participant
Collaborator

michaelrsweet commented Jan 29, 2009

Version: 1.3.9
CUPS.org User: yhardy

According to
http://www.openssl.org/docs/crypto/RAND_add.html

it seems cups/http.c has an extra '&' at RAND_seed.

Collaborator

michaelrsweet commented Jan 29, 2009

CUPS.org User: mike

Fixed in Subversion repository.

Collaborator

michaelrsweet commented Jan 29, 2009

"http.patch":

--- cups/http.c.orig 2009-01-16 23:44:18.000000000 +0200
+++ cups/http.c 2009-01-16 23:44:38.000000000 +0200
@@ -1177,7 +1177,7 @@
for (i = 0; i < sizeof(data); i ++)
data[i] = rand(); /* Yes, this is a poor source of random data... */

  • RAND_seed(&data, sizeof(data));
  • RAND_seed(data, sizeof(data));
    #endif /* HAVE_LIBSSL */
    }
Collaborator

michaelrsweet commented Jan 29, 2009

"str3079.patch":

Index: cups/http.c

--- cups/http.c (revision 8303)
+++ cups/http.c (working copy)
@@ -1188,16 +1188,16 @@

  • it is the best we can do (on others, this seed isn't even used...)
    */

-#ifdef WIN32
-#else
+# ifdef WIN32
+# else
gettimeofday(&curtime, NULL);
srand(curtime.tv_sec + curtime.tv_usec);
-#endif /* WIN32 /
+# endif /
WIN32 */

for (i = 0; i < sizeof(data); i ++)

  • data[i] = rand(); /* Yes, this is a poor source of random data... */
  • data[i] = rand();
  • RAND_seed(&data, sizeof(data));
  • RAND_seed(data, sizeof(data));
    #endif /* HAVE_LIBSSL */
    }

michaelrsweet added this to the Stable milestone Mar 17, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment