From d5e30746bb2ea909c8e97e6c77b83aee6097a2ae Mon Sep 17 00:00:00 2001
From: Job Snijders <job@sobornost.net>
Date: Tue, 25 Jun 2024 07:24:04 +0000
Subject: [PATCH] Use thread-safe PRNG

rand() isn't thread-safe on all platforms (musl libc for example)
use rand_r() instead
---
 src/object/manifest.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/object/manifest.c b/src/object/manifest.c
index 7f188e2e..779d2f40 100644
--- a/src/object/manifest.c
+++ b/src/object/manifest.c
@@ -198,15 +198,18 @@ build_rpp(struct Manifest *mft, struct rpki_uri *notif,
 	struct FileAndHash *fah, *tmpfah;
 	struct rpki_uri *uri;
 	int error;
+	unsigned int rnd;
+
+	rnd = time(NULL) ^ getpid();
 
 	*pp = rpp_create();
 
 	tal = tal_get_file_name(validation_tal(state_retrieve()));
 
 	/* Fisher-Yates shuffle with modulo bias */
-	srand(time(NULL) ^ getpid());
 	for (i = 0; i < mft->fileList.list.count - 1; i++) {
-		j = i + rand() % (mft->fileList.list.count - i);
+		rnd = rand_r(&rnd);
+		j = i + rnd % (mft->fileList.list.count - i);
 		tmpfah = mft->fileList.list.array[j];
 		mft->fileList.list.array[j] = mft->fileList.list.array[i];
 		mft->fileList.list.array[i] = tmpfah;
-- 
2.47.2