I think I have a fix that should prevent me from kicking myself in the butt, again:
--- string/strfry.c.orig 2008-05-05 23:56:08.000000000 +0000
+++ string/strfry.c 2008-05-05 23:58:05.000000000 +0000
@@ -32,7 +32,7 @@
{
static char state[32];
rdata.state = NULL;
- __initstate_r (time ((time_t *) NULL) ^ getpid (),
+ __initstate_r (arc4random(),
state, sizeof (state), &rdata);
init = 1;
}
I tested with a small program I found on a Debian mailing list:
#define _GNU_SOURCE /* strfry() */
#include <stdio.h> /* printf() */
#include <stdlib.h> /* malloc() */
#include <string.h> /* strfry(), strncpy() */
int main(int argc, char **argv) {
char *string;
string = malloc(sizeof(char) * 8);
(void) strncpy(string, "bletch", sizeof(char) * 8);
(void) printf("%s\n", string);
(void) strncpy(string, "greunk", sizeof(char) * 8);
(void) strfry(string);
(void) printf("%s\n", string);
free(string);
return 0;
}
Please let me know if this works, or if there are additional comments.
robert
pgpeKPYu3Neel.pgp
Description: PGP signature
-- http://linuxfromscratch.org/mailman/listinfo/hlfs-dev FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page
