Hi!
Find comments embedded.
On 06/15/2012 05:08 PM, Christof Meerwald wrote:
On Fri, Jun 15, 2012 at 04:25:31PM +0400, Eugene Agafonov wrote:
Does jabberd2 work after is re-compiled with 12.04?
No.
That's strange.. It works perfect on Debian Testing with libexpat1_2.1.0-1
Any details? Debug logs?
Anyway, I suspect you blame the following expat's function:
static unsigned long
generate_hash_secret_salt(void)
{
unsigned int seed = time(NULL) % UINT_MAX;
srand(seed);
return rand();
}
It is called once (per parser instance) with quite random value
based on current time.
That's the mostly recommended way to initialize pseudo-random
generator as far as I remember
so it looks safe for me.
No, the problem is that jabberd2 creates a new parser for each
connection and needs a random id for each connection. Now if there are
2 connections within a second, the random number generator gets
reseeded with the same initial value and you get the same random id
for both connections.
Thanks for details! I guess the patch is really needed ;-)
Stay tuned: it will come out soon.
BR, Eugene Agafonov
