On 1/1/23 01:08, Alejandro Colomar wrote:
> On 12/31/22 20:08, Alejandro Colomar wrote:
>> This makes the code much more readable and self-documented. While doing
>> this, I noticed a few bugs, and other cases which may be bugs or not.
>> Switching to this specialized API makes it easier to spot such bugs, but
>> since I'm not familiar with the code, I kept some bugs unfixed. The most
>> obvious ones (although I may be wrong) I fixed them. And in some cases
>> where it was very unclear, I didn't touch the old *_uniform() code.
>>
>> Below are the cases where I changed the behavior (I considered it a bug):
>>
>> * usr.bin/ssh/auth.c:
>>
>> - *cp = hashchars[arc4random_uniform(sizeof(hashchars) - 1)];
>> + *cp = hashchars[arc4random_range(0, sizeof(hashchars) - 1)];
>
> Reconsidering, this one is probably better just as
> arc4random_uniform(sizeof(hashchars)).

I was also wrong here. I was confused by the implicit strlen() calculation with sizeof()-1, whose -1 was cancelled by the +1.
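
Review bot: the upper bound on the + line of the usr.bin/ssh/auth.c change widens the index range by one. arc4random_uniform(n) returns a value strictly below n, so the - line never produces the index sizeof(hashchars) - 1, while the follow-up in this thread ("cancelled by the +1") indicates that arc4random_range() treats its upper bound as inclusive, so the + line can produce it. If hashchars is a NUL-terminated string array, as the "implicit strlen()" remark implies, that index is the terminator and *cp could be set to '\0'. Suggest leaving the original arc4random_uniform(sizeof(hashchars) - 1) call in place, or, if the conversion is wanted and the bound is indeed inclusive, passing sizeof(hashchars) - 2 with a comment that sizeof() - 1 is the string length. The same concern applies to the arc4random_uniform(sizeof(hashchars)) alternative floated in the first reply.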
-- <http://www.alejandro-colomar.es/>
