From 43974c5f3054c152cc424b16684829c19ae8dd6a Mon Sep 17 00:00:00 2001
From: hwx1054416 <heyaohua1@huawei.com>
Date: Wed, 25 Aug 2021 17:35:39 +0800
Subject: [PATCH] replace random with RAND_priv_bytes

---
 src/yppasswd.c | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/src/yppasswd.c b/src/yppasswd.c
index 04d041b..15b25e3 100644
--- a/src/yppasswd.c
+++ b/src/yppasswd.c
@@ -44,6 +44,7 @@
 #include <rpcsvc/yp_prot.h>
 #include <rpcsvc/ypclnt.h>
 #include <rpcsvc/yppasswd.h>
+#include <openssl/rand.h>
 
 #ifndef _
 #define _(String) gettext (String)
@@ -517,10 +518,11 @@ create_random_salt (char *salt, int num_chars)
 {
   int fd;
   unsigned char c;
+  unsigned char buf;
   int i;
   int res;
 
-  fd = open ("/dev/urandom", O_RDONLY);
+  fd = open ("/dev/random", O_RDONLY);
 
   for (i = 0; i < num_chars; i++)
     {
@@ -529,7 +531,16 @@ create_random_salt (char *salt, int num_chars)
         res = read (fd, &c, 1);
 
       if (res != 1)
-        c = random ();
+        {
+             while (!RAND_status ())
+                  RAND_seed (&buf, sizeof (buf));
+             if (RAND_priv_bytes (&buf, sizeof (buf)) != 1)
+               {
+                    printf ( _("Failed to generate a number.\n"));
+                    break;
+               }
+             c = buf;
+        }
 
       salt[i] = bin_to_ascii (c & 0x3f);
     }
-- 
1.8.3.1