On Fri, Apr 14, 2006 at 11:39:32AM -0400, Greg Hudson wrote: > While reviewing the "APR-util UUID generator broken" thread, I noticed > the following code: > > - get_system_time(&time_now); > + time_now = apr_time_now(); > srand((unsigned int)(((time_now >> 32) ^ time_now) & 0xffffffff)); > > return rand() & 0x0FFFF; > > Regardless of how time_now is determined, the application may be using > the srand/rand mechanism itself. It seems inappropriate for a library > to stomp on the seed.
That code is only a fallback for when no external/OS-provided UUID generation is used, and apr_generate_random_bytes() is not available or fails. Any modern Linux/BSD platform will satisfy the first constraint (with APR 1.0.3 and later), and the latter covers most of the rest. joe
