BUG: glibc-2.5.1-arc4_prng-2.patch breaks strfry

Robert Connolly robert at linuxfromscratch.org
Sun Apr 27 17:54:40 PDT 2008

The intention was to use high quality randomness whereever possible. Do you 
see any way arc4random() can continue to be used? Do you have a test program 
for strfry() so I can test this?


On Sunday April 27 2008 04:34:25 am mordae at anilinux.org wrote:
> Hi robert,
> 	I was reading Glibc patches and found this part:
>  char *
>  strfry (char *string)
>  {
> ...
> -  return string;
> +  return (char)arc4random();
>  }
> 	If you look into manual page or read the deleted code, you may get what
> is wrong. The  strfry() function randomizes the contents of string by using
> rand(3) to randomly swap characters in the string. The result is an anagram
> of string. Anagram. Swapped characters. Not to mention that given code will
> return random character instead of string, which will segfault anything
> using strfry. Accidentally, strfry is such an exotic thing nobody actually
> uses it.
> 	So, please, just remove that part of the patch. And do not try to use
> arc4random to generate randomness for swapping. rand(3) is assumed to
> return same results with the same seed on, at least, the very same machine.
> Have a nice day.
> 	- Mordae

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
URL: <http://lists.linuxfromscratch.org/pipermail/hlfs-dev/attachments/20080427/a7f78384/attachment.sig>

More information about the hlfs-dev mailing list