Use a better interface for random numbers than rand,
plus some useless floating point arithmetic.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 ui/vnc.c | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/ui/vnc.c b/ui/vnc.c
index 1871422e1d..cbdfa37c52 100644
--- a/ui/vnc.c
+++ b/ui/vnc.c
@@ -46,6 +46,7 @@
 #include "qom/object_interfaces.h"
 #include "qemu/cutils.h"
 #include "io/dns-resolver.h"
+#include "qemu/random.h"
 
 #define VNC_REFRESH_INTERVAL_BASE GUI_REFRESH_INTERVAL_DEFAULT
 #define VNC_REFRESH_INTERVAL_INC  50
@@ -2537,12 +2538,7 @@ void start_client_init(VncState *vs)
 
 static void make_challenge(VncState *vs)
 {
-    int i;
-
-    srand(time(NULL)+getpid()+getpid()*987654+rand());
-
-    for (i = 0 ; i < sizeof(vs->challenge) ; i++)
-        vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0));
+    qemu_getrandom(vs->challenge, sizeof(vs->challenge), false);
 }
 
 static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
-- 
2.17.1

On Tue, Mar 12, 2019 at 11:26:29PM -0700, Richard Henderson wrote:
> Use a better interface for random numbers than rand,
> plus some useless floating point arithmetic.

> -    int i;
> -
> -    srand(time(NULL)+getpid()+getpid()*987654+rand());
> -
> -    for (i = 0 ; i < sizeof(vs->challenge) ; i++)
> -        vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0));
> +    qemu_getrandom(vs->challenge, sizeof(vs->challenge), false);

Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>