[sr-dev] Re: [kamailio/kamailio] cdp: fixed issues discovered during static code analysis (PR #4030)

@henningw commented on this pull request.

@@ -236,7 +236,7 @@ int diameter_peer_start(int blocking)

int seed; peer *p;

- seed = random(); + seed = kam_rand();

It looks like this seed is later used to seed the glibc random number generator for (sub-) processes? If yes, then you probably want to use cryptorand() for it. This is an internal kamailio function that returns a cryptographically secure random number. The kam_rand() is just a define for rand() from the glibc, which is quite weak security wise.

This applies also to the other places below.

Please also have a look if you are not seeding the main process again, as this is already done in main.c and core/pt.c