Use a better interface for random numbers than rand,
plus some useless floating point arithmetic.
Cc: Gerd Hoffmann <kra...@redhat.com>
Signed-off-by: Richard Henderson <richard.hender...@linaro.org>
---
v2: Use qcrypto_random_bytes, not qemu_getrandom, as there is
no need for deterministic results for this interface.
---
ui/vnc.c | 8 ++------
1 file changed, 2 insertions(+), 6 deletions(-)
diff --git a/ui/vnc.c b/ui/vnc.c
index 1871422e1d..9fa586dfa0 100644
--- a/ui/vnc.c
+++ b/ui/vnc.c
@@ -43,6 +43,7 @@
#include "crypto/hash.h"
#include "crypto/tlscredsanon.h"
#include "crypto/tlscredsx509.h"
+#include "crypto/random.h"
#include "qom/object_interfaces.h"
#include "qemu/cutils.h"
#include "io/dns-resolver.h"
@@ -2537,12 +2538,7 @@ void start_client_init(VncState *vs)
static void make_challenge(VncState *vs)
{
- int i;
-
- srand(time(NULL)+getpid()+getpid()*987654+rand());
-
- for (i = 0 ; i < sizeof(vs->challenge) ; i++)
- vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0));
+ qcrypto_random_bytes(vs->challenge, sizeof(vs->challenge), &error_fatal);
}
static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
--
2.17.1
