On Friday 13 April 2012, Hugh Waite wrote:
I have a question about random number generation
within Kamailio.
A number of modules use rand() to get a random value and in some places
re-seed with srand(). I believe this is dangerous because rand()
is used in the Via branch tag generator.
We have detected some real bugs (where srand is reseeding with 0 for
every message, causing transaction mis-matching) but I'm not sure of the
correct way to fix this (other than remove srand()).
Should all modules be using a 'core' random function (e.g. in srutils)?
And if so, is this library documented?
Regards,
Hugh
Hi Hugh,
For the purpose of getting a pseudo-random number (i.e. not for cryptographic
functionality) we should consolidate on a single random function. There is the
recently introduced srutils/sruid code, then there exists a (IMHO stronger)
pseudo-random number generator in rand/fastrand and then there is of course
rand().
Maybe Daniel can comment about the purpose of the srutils function, IMHO
consolidating on fastrand or one of the stronger functions (d_rand etc.) from
stdlib.h would be fine.
Re-seeding the internal state of rand() with srand during runtime sounds
wrong to me and should be removed/fixed.
Best regards,
Henning Westerholt
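
The failure mode discussed in this thread, as an added example that is not part of either message and is not Kamailio code: calling srand(0) before every message resets rand() to the same state, so every generated branch value is identical. The `make_branch` helper, its branch format and the message count are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define N_MSGS 8
#define BRANCH_LEN 32

/* Hypothetical stand-in for a branch generator: the RFC 3261 magic cookie
 * followed by one rand() value. Not Kamailio's actual implementation. */
static void make_branch(char *out, size_t len)
{
    snprintf(out, len, "z9hG4bK%08x", (unsigned)rand());
}

/* Generate N_MSGS branches and return how many repeat an earlier one.
 * reseed_per_msg != 0 models the reported bug: srand(0) before each message. */
static int count_duplicate_branches(int reseed_per_msg, unsigned startup_seed)
{
    char branches[N_MSGS][BRANCH_LEN];
    int dups = 0;

    srand(startup_seed);            /* seed once, at process start */
    for (int i = 0; i < N_MSGS; i++) {
        if (reseed_per_msg)
            srand(0);               /* bug: PRNG state reset for every message */
        make_branch(branches[i], sizeof branches[i]);
        for (int j = 0; j < i; j++) {
            if (strcmp(branches[i], branches[j]) == 0) {
                dups++;             /* this branch collides with an earlier one */
                break;
            }
        }
    }
    return dups;
}

int main(void)
{
    /* Startup seed 1 is a constructed value so the run is reproducible. */
    printf("reseed per message: %d duplicate branches out of %d\n",
           count_duplicate_branches(1, 1), N_MSGS);
    printf("seeded once:        %d duplicate branches out of %d\n",
           count_duplicate_branches(0, 1), N_MSGS);
    return 0;
}
```

With per-message reseeding every branch after the first is a duplicate, which is the condition under which a transaction layer keyed on the branch cannot tell transactions apart.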