From c32cf33a16d31eeff9a66a1e73ce58b6791dd54d Mon Sep 17 00:00:00 2001
From: Patrick Monnerat <Patrick.Monnerat@datasphere.ch>
Date: Mon, 15 Jun 2009 10:15:28 +0000
Subject: [PATCH] Replaced use of standard C library rand()/srand() by our own
 pseudo-random number generator.

---
 CHANGES        |  4 ++++
 lib/easy.c     |  5 +++++
 lib/formdata.c | 35 ++++++++++++++++++++++++++++++-----
 lib/formdata.h |  3 +++
 4 files changed, 42 insertions(+), 5 deletions(-)

diff --git a/CHANGES b/CHANGES
index 549f9fff3..be16f61da 100644
--- a/CHANGES
+++ b/CHANGES
@@ -6,6 +6,10 @@
 
                                   Changelog
 
+Patrick Monnerat (15 Jun 2009)
+- Replaced use of standard C library rand()/srand() by our own pseudo-random
+  number generator.
+
 Yang Tse (11 Jun 2009)
 - I adapted testcurl script to allow building test harness programs when
   cross-compiling for a *-*-mingw* host.
diff --git a/lib/easy.c b/lib/easy.c
index 70aa5a097..10b1bd3ee 100644
--- a/lib/easy.c
+++ b/lib/easy.c
@@ -85,6 +85,7 @@
 #include "http_ntlm.h"
 #include "connect.h" /* for Curl_getconnectinfo */
 #include "slist.h"
+#include "formdata.h"   /* For Curl_srand(). */
 
 #define _MPRINTF_REPLACE /* use our functions only */
 #include <curl/mprintf.h>
@@ -289,6 +290,10 @@ CURLcode curl_global_init(long flags)
 
   init_flags  = flags;
 
+  /* Preset pseudo-random number sequence. */
+
+  Curl_srand();
+
   return CURLE_OK;
 }
 
diff --git a/lib/formdata.c b/lib/formdata.c
index f2a4892bf..8538e9f91 100644
--- a/lib/formdata.c
+++ b/lib/formdata.c
@@ -108,6 +108,12 @@ Content-Disposition: form-data; name="FILECONTENT"
 /* Length of the random boundary string. */
 #define BOUNDARY_LENGTH 40
 
+/* Private pseudo-random number seed. Unsigned integer >= 32bit. Threads
+   mutual exclusion is not implemented to acess it since we do not require
+   high quality random numbers (only used in form boudary generation). */
+
+static unsigned int     randseed;
+
 #if !defined(CURL_DISABLE_HTTP) || defined(USE_SSLEAY)
 
 #include <stdio.h>
@@ -1597,6 +1603,8 @@ int main(int argc, argv_item_t argv[])
   (void) argc;
   (void) argv;
 
+  Curl_srand();         /* Because we do not call curl_global_init() here. */
+
   if(FormAddTest("simple COPYCONTENTS test", &httppost, &last_post,
                   CURLFORM_COPYNAME, name1, CURLFORM_COPYCONTENTS, value1,
                   CURLFORM_END))
@@ -1733,8 +1741,6 @@ void curl_formfree(struct curl_httppost *form)
 char *Curl_FormBoundary(void)
 {
   char *retstring;
-  static int randomizer;   /* this is just so that two boundaries within
-                              the same form won't be identical */
   size_t i;
 
   static const char table16[]="0123456789abcdef";
@@ -1744,12 +1750,10 @@ char *Curl_FormBoundary(void)
   if(!retstring)
     return NULL; /* failed */
 
-  srand((unsigned int)time(NULL)+randomizer++); /* seed */
-
   strcpy(retstring, "----------------------------");
 
   for(i=strlen(retstring); i<BOUNDARY_LENGTH; i++)
-    retstring[i] = table16[rand()%16];
+    retstring[i] = table16[Curl_rand()%16];
 
   /* 28 dashes and 12 hexadecimal digits makes 12^16 (184884258895036416)
      combinations */
@@ -1759,3 +1763,24 @@ char *Curl_FormBoundary(void)
 }
 
 #endif  /* !defined(CURL_DISABLE_HTTP) || defined(USE_SSLEAY) */
+
+/* Pseudo-random number support. This is always enabled, since called from
+   curl_global_init(). */
+
+unsigned int Curl_rand(void)
+{
+  unsigned int r;
+  /* Return an unsigned 32-bit pseudo-random number. */
+  r = randseed = randseed * 1103515245 + 12345;
+  return (r << 16) | ((r >> 16) & 0xFFFF);
+}
+
+void Curl_srand(void)
+{
+  /* Randomize pseudo-random number sequence. */
+
+  randseed = (unsigned int) time(NULL);
+  Curl_rand();
+  Curl_rand();
+  Curl_rand();
+}
diff --git a/lib/formdata.h b/lib/formdata.h
index 04f139322..0d9400a15 100644
--- a/lib/formdata.h
+++ b/lib/formdata.h
@@ -97,5 +97,8 @@ void Curl_formclean(struct FormData **);
 
 CURLcode Curl_formconvert(struct SessionHandle *, struct FormData *);
 
+void Curl_srand(void);
+unsigned int Curl_rand(void);
+
 #endif