From bb3304c6afb4d751b3be96485a7d8a9c54f76cf7 Mon Sep 17 00:00:00 2001
From: Frederic Lecaille
Date: Mon, 23 Feb 2026 10:39:59 +0100
Subject: [PATCH] CLEANUP: haterm: avoid static analyzer warnings about rand() use
Avoid such a warnings from coverity: CID 1645121: (#1 of 1): Calling risky function (DC.WEAK_CRYPTO) dont_call: random should not be used for security-related applications, because linear congruential algorithms are too easy to break. Reported in GH #3283 and #3285
---
 src/haterm.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/haterm.c b/src/haterm.c
index 210509efd..05b3a306c 100644
--- a/src/haterm.c
+++ b/src/haterm.c
@@ -645,7 +645,7 @@ static void hstream_parse_uri(struct ist uri, struct hstream *hs)
 } while (*next);
 if (use_rand)
- result = ((long long)random() * result) / ((long long)RAND_MAX + 1);
+ result = ((long long)ha_random64() * result) / ((long long)RAND_MAX + 1);
 switch (*arg) {
 case 's':
@@ -1016,7 +1016,7 @@ static int hstream_build_responses(void)
 }
 for (i = 0; i < random_resp_len; i++)
- random_resp[i] = rand() >> 16;
+ random_resp[i] = ha_random32() >> 16;
 return 1;
 }
--
2.47.3
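Review bot: The new line under `if (use_rand)` in hstream_parse_uri keeps the `/ ((long long)RAND_MAX + 1)` divisor, which only scales correctly for the 31-bit value random() returned. ha_random64() returns a full 64-bit value (its declaration is not in the hunk), so the cast to long long can go negative, the multiplication can overflow (undefined behaviour for signed types), and the quotient is no longer bounded by the parsed `result`. Reduce the random input to the divisor's range first, for example `result = ((long long)(ha_random32() >> 1) * result) / (1LL << 31);`. Since `result` appears to be parsed from the request URI and feeds the `switch (*arg)` that follows, an out-of-range value here would presumably reach the size or delay handling. The function body starts and ends outside the hunk.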
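Review bot: The fill loop at the end of hstream_build_responses has no comment saying what the random bytes are for, and that is what decides whether this swap is sufficient. The change clears the DC.WEAK_CRYPTO report by changing the callee, but ha_random32() is, as far as I know, a general-purpose PRNG and not a CSPRNG. If random_resp is only filler response payload, say so on the loop, e.g. `/* filler payload only, never used as a key, token or nonce */`, so the next analyzer run or reader does not reopen the question. The `>> 16` was presumably there to skip rand()'s weak low bits; assuming the element type is a byte, it could now be dropped or kept with a short comment. The function starts outside the hunk.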