[FFmpeg-devel] [PATCH] change the order of params for av_init_random()

Baptiste Coudurier baptiste.coudurier
Mon Jan 5 22:30:40 CET 2009


Hi,

Michael Niedermayer wrote:
> On Mon, Jan 05, 2009 at 05:32:50PM +0100, Stefano Sabatini wrote:
>> On date Monday 2009-01-05 17:00:50 +0100, Michael Niedermayer
>> encoded:
>>> On Mon, Jan 05, 2009 at 02:44:34AM +0100, Stefano Sabatini wrote:
>>>  [...]
>>>> Index: ffmpeg/ffserver.c 
>>>> ===================================================================
>>>>  --- ffmpeg.orig/ffserver.c	2009-01-05 02:40:48.000000000 +0100
>>>>  +++ ffmpeg/ffserver.c	2009-01-05 02:41:00.000000000 +0100 @@
>>>> -4483,7 +4483,7 @@
>>>> 
>>>> unsetenv("http_proxy");             /* Kill the http_proxy */
>>>> 
>>>> -    av_init_random(av_gettime() + (getpid() << 16),
>>>> &random_state); +    av_random_init(&random_state, av_gettime()
>>>> + (getpid() << 16));
>>>> 
>>>> memset(&sigact, 0, sizeof(sigact)); sigact.sa_handler =
>>>> handle_child_exit;
>>> do we really have to export the pid and starttime to an attacker?
>>> 
>> Would be this more acceptable?
> 
> open /dev/random/ read into the seed if either fails use 0. thats
> IMHO ... iam not ffserver maintainer, and dont even know why ffserver
>  needs random numbers.

Apparently ffserver needs random data for RTSP/RTP session id. Not
really sure if random is really needed, more probably unique number,
IIRC this was discussed before but Im not RTSP/RTP expert.

-- 
Baptiste COUDURIER                              GnuPG Key Id: 0x5C1ABAAA
Key fingerprint                 8D77134D20CC9220201FC5DB0AC9325C5C1ABAAA
checking for life_signs in -lkenny... no




More information about the ffmpeg-devel mailing list