On 12/08/2014 09:55 PM, Theo de Raadt wrote:
> Index: lib/libc/stdlib/mrand48.c
> ===================================================================
> RCS file: /cvs/src/lib/libc/stdlib/mrand48.c,v
> retrieving revision 1.3
> diff -u -p -u -r1.3 mrand48.c
> --- lib/libc/stdlib/mrand48.c 8 Aug 2005 08:05:37 -0000 1.3
> +++ lib/libc/stdlib/mrand48.c 8 Dec 2014 03:13:07 -0000
> @@ -19,6 +19,8 @@ extern unsigned short __rand48_seed[3];
> long
> mrand48(void)
> {
> + if (__rand48_deterministic == 0)
> + return arc4random();
> __dorand48(__rand48_seed);
> return ((long) __rand48_seed[2] << 16) + (long) __rand48_seed[1];
> }
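Review bot: The new branch reads `__rand48_deterministic`, but the only declaration visible in this hunk's context is `extern unsigned short __rand48_seed[3];`; unless the flag is declared in a header shared by the rand48 family (not visible here), this file needs a matching `extern` for it, with the type taken from its definition. The early return also deserves a one-line comment, because a reader of mrand48() alone cannot see what sets or clears the flag: `/* No explicit seed given: return unpredictable output instead of the fixed LCG sequence. */`, to be adjusted once the flag's setter is confirmed. The `__dorand48()` state is left untouched on this path, which is presumably intended so that a later seeding call starts from the caller-chosen state rather than an advanced one; worth confirming against seed48()/srand48().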
POSIX says mrand48 is meant to return signed integers in the interval
[-2^31,2^31), but this code returns an unsigned 32-bit integer value.