On Sat, Mar 03, 2012 at 11:12:23PM -0500, Thor Lancelot Simon wrote: > Sorry, something was wrong with that diff. This one is right. > - arc4random_stir(); > - arc4random_buf(rnd, sizeof(rnd)); > + assert((read(urandom_fd, rnd, sizeof(rnd)) == sizeof(rnd))); This is very bad idea to execute code as an assert() condition. assert() is optional and if code is compiled with NDEBUG it will be turned into no-op and in your case no random data will be read at all, which makes this change dangerous. -- Pawel Jakub Dawidek http://www.wheelsystems.com FreeBSD committer http://www.FreeBSD.org Am I Evil? Yes, I Am! http://tupytaj.pl
Attachment:
pgp013gbneH_r.pgp
Description: PGP signature