apr-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joe Orton <jor...@redhat.com>
Subject Re: UUID generation stomps srand/rand seed
Date Tue, 18 Apr 2006 08:43:48 GMT
On Fri, Apr 14, 2006 at 11:39:32AM -0400, Greg Hudson wrote:
> While reviewing the "APR-util UUID generator broken" thread, I noticed
> the following code:
> 
> -    get_system_time(&time_now);
> +    time_now = apr_time_now();
>      srand((unsigned int)(((time_now >> 32) ^ time_now) & 0xffffffff));
> 
>      return rand() & 0x0FFFF;
> 
> Regardless of how time_now is determined, the application may be using
> the srand/rand mechanism itself.  It seems inappropriate for a library
> to stomp on the seed.

That code is only a fallback for when no external/OS-provided UUID 
generation is used, and apr_generate_random_bytes() is not available or 
fails.  Any modern Linux/BSD platform will satisfy the first constraint 
(with APR 1.0.3 and later), and the latter covers most of the rest.

joe

Mime
View raw message