Reading the code to understand it's usage of timers, I think we can do
better here.
Instead of masking the difference between lower and upper bound to yield
a random summand that fits, instruct the API to limit their result
accordingly. 0x01fe = 510 = 810 - 300.
arc4random_uniform(upper_bound) returns `upper_bound - 1' as maximum, so
add one to make 810 a possible value for `i'.
Feedback? OK?
Index: net/if_spppsubr.c
===================================================================
RCS file: /cvs/src/sys/net/if_spppsubr.c,v
retrieving revision 1.175
diff -u -p -r1.175 if_spppsubr.c
--- net/if_spppsubr.c 21 Jun 2019 17:11:42 -0000 1.175
+++ net/if_spppsubr.c 22 Jun 2019 14:53:44 -0000
@@ -3580,7 +3580,7 @@ sppp_chap_tlu(struct sppp *sp)
* Compute the re-challenge timeout. This will yield
* a number between 300 and 810 seconds.
*/
- i = 300 + (arc4random() & 0x01fe);
+ i = 300 + arc4random_uniform(1 + 810 - 300);
timeout_add_sec(&sp->ch[IDX_CHAP], i);
}
