BUG: glibc-2.5.1-arc4_prng-2.patch breaks strfry
robert at linuxfromscratch.org
Sun Apr 27 17:54:40 PDT 2008
The intention was to use high quality randomness whereever possible. Do you
see any way arc4random() can continue to be used? Do you have a test program
for strfry() so I can test this?
On Sunday April 27 2008 04:34:25 am mordae at anilinux.org wrote:
> Hi robert,
> I was reading Glibc patches and found this part:
> char *
> strfry (char *string)
> - return string;
> + return (char)arc4random();
> If you look into manual page or read the deleted code, you may get what
> is wrong. The strfry() function randomizes the contents of string by using
> rand(3) to randomly swap characters in the string. The result is an anagram
> of string. Anagram. Swapped characters. Not to mention that given code will
> return random character instead of string, which will segfault anything
> using strfry. Accidentally, strfry is such an exotic thing nobody actually
> uses it.
> So, please, just remove that part of the patch. And do not try to use
> arc4random to generate randomness for swapping. rand(3) is assumed to
> return same results with the same seed on, at least, the very same machine.
> Have a nice day.
> - Mordae
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 197 bytes
Desc: not available
More information about the hlfs-dev