From: Alberto Leiva Popper <ydahhrk@gmail.com>
Date: Wed, 3 Jul 2024 18:26:59 +0000 (-0600)
Subject: rand_r(): Separate seed and random number
X-Git-Tag: 1.6.3~11
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=19f39728a0800bee64e54b5abfff555714a77f46;p=thirdparty%2FFORT-validator.git

rand_r(): Separate seed and random number

Enforces originally intended usage of rand_r()'s API.
Mostly just paranoia, maybe.
---

diff --git a/src/object/manifest.c b/src/object/manifest.c
index 779d2f40..bee421ce 100644
--- a/src/object/manifest.c
+++ b/src/object/manifest.c
@@ -194,13 +194,13 @@ build_rpp(struct Manifest *mft, struct rpki_uri *notif,
     struct rpki_uri *mft_uri, struct rpp **pp)
 {
 	char const *tal;
-	int i, j;
+	unsigned int i, j;
 	struct FileAndHash *fah, *tmpfah;
 	struct rpki_uri *uri;
 	int error;
-	unsigned int rnd;
+	unsigned int seed, rnd;
 
-	rnd = time(NULL) ^ getpid();
+	seed = time(NULL) ^ getpid();
 
 	*pp = rpp_create();
 
@@ -208,7 +208,7 @@ build_rpp(struct Manifest *mft, struct rpki_uri *notif,
 
 	/* Fisher-Yates shuffle with modulo bias */
 	for (i = 0; i < mft->fileList.list.count - 1; i++) {
-		rnd = rand_r(&rnd);
+		rnd = rand_r(&seed);
 		j = i + rnd % (mft->fileList.list.count - i);
 		tmpfah = mft->fileList.list.array[j];
 		mft->fileList.list.array[j] = mft->fileList.list.array[i];