CLEANUP: haterm: avoid static analyzer warnings about rand() use
authorFrederic Lecaille <flecaille@haproxy.com>
Mon, 23 Feb 2026 09:39:59 +0000 (10:39 +0100)
committerFrederic Lecaille <flecaille@haproxy.com>
Mon, 23 Feb 2026 09:39:59 +0000 (10:39 +0100)
Avoid warnings such as this one from Coverity:

CID 1645121: (#1 of 1): Calling risky function (DC.WEAK_CRYPTO)
dont_call: random should not be used for security-related applications,
because linear congruential algorithms are too easy to break.

Reported in GH #3283 and #3285

src/haterm.c

index 210509efdb0ad326645b9ed243cbd596b91290a0..05b3a306cecf74cbc14f8dcf74e12cc4a42c831f 100644 (file)
@@ -645,7 +645,7 @@ static void hstream_parse_uri(struct ist uri, struct hstream *hs)
                                } while (*next);
 
                                if (use_rand)
-                                       result = ((long long)random() * result) / ((long long)RAND_MAX + 1);
+                                       result = ((long long)ha_random64() * result) / ((long long)RAND_MAX + 1);
 
                                switch (*arg) {
                                case 's':
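Review bot: The added line `result = ((long long)ha_random64() * result) / ((long long)RAND_MAX + 1);` keeps the `RAND_MAX + 1` divisor but now feeds it a full 64-bit value, so the expression no longer scales into [0, result). The cast to long long can go negative and the multiplication can overflow a signed type, which is undefined behaviour; random() stayed within the range the divisor assumes, which is what made the division a correct scale-down. Reduce the random value to the old range first, e.g. `result = ((long long)(ha_random64() % ((unsigned long long)RAND_MAX + 1)) * result) / ((long long)RAND_MAX + 1);`, or pick a divisor that matches the generator's width. hstream_parse_uri starts and ends outside this hunk, so `result` is assumed to be a long long from the casts.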
@@ -1016,7 +1016,7 @@ static int hstream_build_responses(void)
        }
 
        for (i = 0; i < random_resp_len; i++)
-               random_resp[i] = rand() >> 16;
+               random_resp[i] = ha_random32() >> 16;
 
        return 1;
 }
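Review bot: A short comment above `random_resp[i] = ha_random32() >> 16;` would help, because the commit message cites a WEAK_CRYPTO finding and a reader could take the new call for a cryptographic generator. As far as I know ha_random32() is a fast general-purpose PRNG rather than a CSPRNG, which is fine if random_resp is only response filler, as its name suggests. Suggested comment: `/* filler payload only, not security-sensitive; ha_random32() is not a CSPRNG */`. The shift now keeps 16 bits where `rand() >> 16` kept 15 with a 31-bit RAND_MAX; what is actually stored depends on the element type of random_resp, which is declared outside the hunk.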