Package: passwd Version: 1:4.1.5.1-1 Severity: wishlist Dear Maintainer,
function SHA_salt_size() in file libmisc/salt.c uses random() to get random number and divides it by RAND_MAX. This is incorrect. RAND_MAX macro is designed for C standard fucntion rand() (value of the RAND_MAX macro shall be at least 32767) [1] But random() returns numbers in the range from 0 to 2^31-1 [2]. So, random()/RAND_MAX could result in a value > 1. I propose to replace RAND_MAX with LONG_MAX. [1] http://pubs.opengroup.org/onlinepubs/009695399/functions/rand.html [2] http://pubs.opengroup.org/onlinepubs/7908799/xsh/initstate.html -- System Information: Debian Release: wheezy/sid APT prefers testing APT policy: (990, 'testing'), (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-2-amd64 (SMP w/4 CPU cores) Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages passwd depends on: ii debianutils 4.3.1 ii libc6 2.13-33 ii libpam-modules 1.1.3-7.1 ii libpam0g 1.1.3-7.1 ii libselinux1 2.1.9-2 ii libsemanage1 2.1.6-2 passwd recommends no packages. passwd suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org