Tue Mar 7 20:17:12 2017 UTC ()
Apply patch (requested by mrg in ticket #1380):
Use arc4random when available to produce the auth cookie.
(80f62c54fbd50a3bbdf9c37258525098c9117830 upstream)


(snj)
diff -r1.1.1.5 -r1.1.1.5.40.1 xsrc/xfree/xc/lib/ICE/iceauth.c

cvs diff -r1.1.1.5 -r1.1.1.5.40.1 xsrc/xfree/xc/lib/ICE/Attic/iceauth.c (expand / switch to context diff)
--- xsrc/xfree/xc/lib/ICE/Attic/iceauth.c 2003/02/28 13:18:45 1.1.1.5
+++ xsrc/xfree/xc/lib/ICE/Attic/iceauth.c 2017/03/07 20:17:12 1.1.1.5.40.1
@@ -37,6 +37,10 @@
 
 static int binaryEqual ();
 
+#ifdef HAVE_LIBBSD
+#include <bsd/stdlib.h>	/* for arc4random_buf() */
+#endif
+
 static int was_called_state;
 
 /*
@@ -52,14 +56,19 @@
 
 {
     char    *auth;
+#ifndef HAVE_ARC4RANDOM_BUF
     long    ldata[2];
     int	    seed;
     int	    value;
     int	    i;
+#endif
     
     if ((auth = (char *) malloc (len + 1)) == NULL)
 	return (NULL);
 
+#ifdef HAVE_ARC4RANDOM_BUF
+    arc4random_buf(auth, len);
+#else
 #ifdef ITIMER_REAL
     {
 	struct timeval  now;
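Review bot: The `#else` added after `arc4random_buf(auth, len);` keeps the old generator as a silent fallback, so any build that does not define HAVE_ARC4RANDOM_BUF still produces a guessable auth cookie. Judging by the `seed` and `struct timeval now` declarations here and the `value = rand ();` loop in the last hunk, that generator appears to be a clock-seeded rand(). Nothing in the visible diff defines HAVE_ARC4RANDOM_BUF, so it is worth confirming that the build configuration sets it; otherwise the change has no effect. I would make the weak path visible with a comment directly after the `#else`, such as `/* Fallback only: rand() is predictable, so the cookie is not a strong secret on this path. */`, and consider a build-time diagnostic there if the compiler supports one. The function's signature and most of the fallback body lie outside this hunk.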
@@ -83,8 +92,8 @@
 	value = rand ();
 	auth[i] = value & 0xff;
     }
+#endif
     auth[len] = '\0';
-
     return (auth);
 }
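Review bot: The bare `#endif` added just before `auth[len] = '\0';` closes the HAVE_ARC4RANDOM_BUF conditional, but it follows the nested platform conditionals of the fallback (the `#ifdef ITIMER_REAL` block that starts in the previous hunk), so it is easy to misread which block it ends. Label it as `#endif /* HAVE_ARC4RANDOM_BUF */`. The `#endif` that closes the guarded declarations in the previous hunk would likewise read better as `#endif /* !HAVE_ARC4RANDOM_BUF */`.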