On Sat, Feb 17, 2018 at 08:51:02PM +0000, Stuart Henderson wrote: > > + #include <arpa/inet.h> > > + #define strtok_ret strtok_r > > ++#ifdef __OpenBSD__ > > ++#define VENTRILO_RAND arc4random() > > ++#else > > + #define VENTRILO_RAND random() > > ++#endif > > + #else > > + #include <winsock.h> > > + #define strtok_ret strtok_s > > > *p = (((VENTRILO_RAND * 0x343fd) + 0x269ec3) >> 16) & 0x7fff; > > any idea what's going on here? >
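Review bot: the `#ifdef __OpenBSD__` branch swaps `random()` (returns `long`) for `arc4random()` (returns `uint32_t`) without a comment saying why, and the value is then fed through `(((VENTRILO_RAND * 0x343fd) + 0x269ec3) >> 16) & 0x7fff`, so only 15 bits of a further-scrambled result ever reach `*p`. Please add a one-line comment in the patch giving the reason for the swap and stating that the multiplication is now done in unsigned 32-bit arithmetic on OpenBSD rather than in `long`; the `& 0x7fff` mask hides the width difference, but that should be written down rather than left for the reader to work out. If the change is meant to go upstream, a check for the availability of `arc4random()` would be a better guard than the OS macro.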
The code is for checking a Ventrilo server; the header points out that the algorithm was developed by Luigi Auriemma as a result of reverse engineering the protocol. The implementation from the author seems to be:

http://aluigi.altervista.org/papers/ventrilo3_handshake.c

In this implementation the only random value is

    putbe(sbuff + 0x12, time(NULL),16); // rand useless number

In both implementations the code is in the section handling the UDP header. I guess they don't really care if the number is truly random. Perhaps we should not change that and let upstream decide on that single patch.