On Friday 13 April 2012, Hugh Waite wrote:
I have a question about random number generation within kamailio.
A number of modules use rand() to get a random value and in some places are re-seeding with srand(). I believe this is dangerous because rand() is used in the Via branch tag generator. We have detected some real bugs (where srand is reseeding with 0 for every message, causing transaction mis-matching) but I'm not sure of the correct way to fix this (other than removing srand()).
Should all modules be using a 'core' random function (e.g. in srutils?) ? And if so, is this library documented?
Regards, Hugh
Hi Hugh,
For the purpose of getting a pseudo-random number (i.e. not for cryptographic functionality) we should consolidate on a single random function. There is the recently introduced srutils/sruid code, then there exists a (IMHO stronger) pseudo-random number generator in rand/fastrand and then there is of course rand().
Maybe Daniel can comment about the purpose of the srutils function. IMHO consolidating on fastrand or one of the stronger functions (d_rand etc.) from stdlib.h would be fine.
Re-seeding the internal state of rand() with srand during runtime sounds wrong to me and should be removed/fixed.
Best regards,
Henning Westerholt
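The failure mode discussed in this thread, shown as an added example that is not Kamailio code and not from either poster: calling srand(0) for every message resets rand() to the same state, so every generated branch value is identical, while seeding once at startup gives distinct values. The function names, the branch format and the seed 12345 are assumptions made up for the illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define N_MSGS 8
#define BRANCH_LEN 32

/* Hypothetical branch generator: RFC 3261 magic cookie plus a rand() value. */
static void make_branch(char *out, size_t len)
{
    snprintf(out, len, "z9hG4bK%08x", (unsigned)rand());
}

/* Count branches that repeat an earlier one in the same run. */
static int count_duplicates(char b[][BRANCH_LEN], int n)
{
    int dups = 0;
    for (int i = 1; i < n; i++)
        for (int j = 0; j < i; j++)
            if (strcmp(b[i], b[j]) == 0) { dups++; break; }
    return dups;
}

/* Pattern reported in the thread: srand(0) runs for every message. */
int run_reseed_per_message(void)
{
    char branches[N_MSGS][BRANCH_LEN];
    for (int i = 0; i < N_MSGS; i++) {
        srand(0);                       /* resets rand() to the same state */
        make_branch(branches[i], BRANCH_LEN);
    }
    return count_duplicates(branches, N_MSGS);
}

/* Seed once at startup (constructed seed), never again per message. */
int run_seed_once(unsigned seed)
{
    char branches[N_MSGS][BRANCH_LEN];
    srand(seed);
    for (int i = 0; i < N_MSGS; i++)
        make_branch(branches[i], BRANCH_LEN);
    return count_duplicates(branches, N_MSGS);
}

int main(void)
{
    printf("reseed per message: %d duplicate branches\n", run_reseed_per_message());
    printf("seed once:          %d duplicate branches\n", run_seed_once(12345u));
    return 0;
}
```

A module that calls srand() anywhere in the message path has the same effect on every other module sharing rand(), which is why a single grep for srand( across modules is a useful first check.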