Hi,
attached patch uses arc4random instead of rand/srand on systems where available.
As far as I know, the random numbers used in qlgt are only for randomly choosing
some colors for lines,
so choosing weak random numbers is not really a security-related problem here;
it only affects the colors of lines ;)
Anyways on OpenBSD -current now when linking, warnings are shown, telling me
that using
rand, random and friends is generally not a good choice.
I added the attached patch when updating QLGT to 1.7.3 in the OpenBSD ports
tree, and should
work on all systems that have arc4random available. Could it be considered to
be included
to the main QLGT source?
cheers,
Sebastian
$OpenBSD: patch-config_h_cmake,v 1.1 2013/09/12 16:30:59 sebastia Exp $
use arc4random
--- config.h.cmake.orig Thu Sep 12 08:36:49 2013
+++ config.h.cmake Thu Sep 12 08:37:05 2013
@@ -19,6 +19,8 @@
#cmakedefine HAVE_BIGENDIAN 1
+#cmakedefine HAVE_ARC4RANDOM 1
+
/* build with native file dialogs */
#define FILE_DIALOG_FLAGS ${FILEDIALOGFLAGS}
$OpenBSD: patch-ConfigureChecks_cmake,v 1.1 2013/09/12 16:30:59 sebastia Exp $
use arc4random
--- ConfigureChecks.cmake.orig Wed Sep 11 15:08:42 2013
+++ ConfigureChecks.cmake Wed Sep 11 15:09:18 2013
@@ -31,6 +31,8 @@ check_include_file(byteswap.h HAVE_BYTESWAP_H)
test_big_endian(HAVE_BIGENDIAN)
+check_function_exists(arc4random HAVE_ARC4RANDOM)
+
# check if we're on a 64bit host
if(CMAKE_SIZEOF_VOID_P MATCHES "8")
SET(HOST_IS_64_BIT 1)
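Review bot: `check_function_exists(arc4random HAVE_ARC4RANDOM)` only proves that the symbol links, not that a header declares it, so on a platform where arc4random comes from a compatibility library the C++ sources could still fail to compile with HAVE_ARC4RANDOM set. `check_symbol_exists(arc4random "stdlib.h" HAVE_ARC4RANDOM)` tests the declaration the callers actually rely on; it needs `include(CheckSymbolExists)`, and whether the include for the current check is already present cannot be seen from this hunk. The `if(CMAKE_SIZEOF_VOID_P ...)` block continues outside the hunk.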
$OpenBSD: patch-3rdparty_map2jnx_main_cpp,v 1.1 2013/09/12 16:30:59 sebastia Exp $
use arc4random
--- 3rdparty/map2jnx/main.cpp.orig Mon Jun 17 14:27:52 2013
+++ 3rdparty/map2jnx/main.cpp Thu Sep 12 09:09:12 2013
@@ -14,6 +14,7 @@
**********************************************************************************************/
+#include "config.h"
#ifdef _MSC_VER
#define fseeko _fseeki64
@@ -419,14 +420,20 @@ static uint32_t scale2jnx(double scale)
static char randChar()
{
char buf[2];
+#if defined(HAVE_ARC4RANDOM)
+ int r = (int)((arc4random() * 16.0) / UINT_MAX);
+#else
int r = (int)((rand() * 16.0) / RAND_MAX);
+#endif
sprintf(buf,"%X", r & 0x0F);
return buf[0];
}
static void createGUID(char * guid)
{
+#if !defined(HAVE_ARC4RANDOM)
srand((unsigned int)time(0));
+#endif
guid[0] = randChar();
guid[1] = randChar();
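Review bot: In `randChar()` the new line `int r = (int)((arc4random() * 16.0) / UINT_MAX);` yields 16 when arc4random() returns its maximum, which `r & 0x0F` then folds onto 0, and `UINT_MAX` needs `<limits.h>`, which this patch does not add (it may already be included outside the hunk). Since these characters build the GUID in `createGUID`, an unbiased draw is preferable: `int r = (int)arc4random_uniform(16);`. The same applies to `arc4random() % 13` in src/CTrackDB.cpp, where `arc4random_uniform(13) + 1` is the idiomatic form. The configure check only probes `arc4random`, so this assumes `arc4random_uniform` is present wherever that check succeeds. In the fallback branch, `srand((unsigned int)time(0))` still reseeds on every call, so two GUIDs created within the same second are identical; `createGUID` continues outside the hunk.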
$OpenBSD: patch-src_CTrackDB_cpp,v 1.1 2013/09/12 16:30:59 sebastia Exp $
use arc4random
--- src/CTrackDB.cpp.orig Wed Aug 14 19:56:40 2013
+++ src/CTrackDB.cpp Thu Sep 12 09:08:18 2013
@@ -16,6 +16,8 @@
along with this program. If not, see <http://www.gnu.org/licenses/>.
**********************************************************************************************/
+#include "config.h"
+
#include <stdio.h>
#include <limits>
@@ -173,7 +175,11 @@ void CTrackDB::loadGPX(CGpx& gpx)
hasItems = true;
CTrack* track = new CTrack(this);
//preset a random color
+#if defined(HAVE_ARC4RANDOM)
+ track->setColor((arc4random() % 13)+1);
+#else
track->setColor((rand() % 13)+1);
+#endif
/*
* Global track information