Hello,

This line of code may cause difficult-to-trace side effects:

lib/formdata.c:1746, function Curl_FormBoundary()

    srand((unsigned int)time(NULL)+randomizer++); /* seed */

Note that srand() changes the rand() sequence globally for the whole application. Usually it is called only once when the program starts up - at least this is the recommended way to use it.

The problem with this line of code is that it:

1. Is called repeatedly. In fact, such usage makes the sequence produced by rand() *less* random.

2. Changes the global state without the main program's knowledge. What is worse, it tends to re-initialize rand() with the same initial value when called repeatedly at 1-second intervals.

3. Does not work well with forked applications. After the application forks some children, all of them will have the same 'randomizer' variable. Consequently, if two children call Curl_FormBoundary() within one second, the boundaries will be the same.

I suggest removing the call to srand() altogether, and giving the application developer a chance to seed the random number generator.

-- 
Best regards,
Tetetest
mailto:[email protected]
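The fork case from point 3 of the message above, as an added example that is not part of the original message and is not curl's code: two forked children build a boundary in the same second, once with the library reseeding as in the quoted line and once with the application seeding each process itself. The names make_boundary and children_collide, the 16-hex-digit boundary format, and the time-XOR-pid application seed are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <unistd.h>
#include <sys/wait.h>
static unsigned int randomizer; /* per-process counter; fork() copies it */

/* Constructed stand-in for the boundary generator: 16 hex digits from rand().
   With reseed set, it first runs the quoted seeding line ('now' = time(NULL)). */
static void make_boundary(int reseed, time_t now, char out[17])
{
  if(reseed)
    srand((unsigned int)now + randomizer++); /* seed */
  for(int i = 0; i < 16; i++)
    out[i] = "0123456789abcdef"[rand() % 16];
  out[16] = '\0';
}

/* Fork two children in the same second; returns 1 if their boundaries are
   identical, 0 if they differ, -1 on error. */
static int children_collide(int lib_reseeds)
{
  time_t now = time(NULL); /* both children observe the same second */
  char b[2][17];
  for(int c = 0; c < 2; c++) {
    int fd[2];
    pid_t pid;
    if(pipe(fd) != 0 || (pid = fork()) < 0)
      return -1;
    if(pid == 0) {
      char out[17];
      if(!lib_reseeds) /* application seeds once per process after fork() */
        srand((unsigned int)now ^ (unsigned int)getpid());
      make_boundary(lib_reseeds, now, out);
      _exit(write(fd[1], out, sizeof(out)) == (ssize_t)sizeof(out) ? 0 : 1);
    }
    close(fd[1]);
    ssize_t n = read(fd[0], b[c], sizeof(b[c]));
    close(fd[0]);
    waitpid(pid, NULL, 0);
    if(n != (ssize_t)sizeof(b[c])) return -1;
  }
  return strcmp(b[0], b[1]) == 0;
}

int main(void)
{
  printf("library reseeds: %d, application seeds: %d\n", children_collide(1), children_collide(0));
}
```

If the application does not seed after fork() either, the children inherit identical rand() state and still collide; the time-and-pid seed shown only separates processes and is not a source of unpredictable values.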
