From b94d538633b6cf9a775f24c26b110e685768acda Mon Sep 17 00:00:00 2001
From: Adam Tkac <atkac@redhat.com>
Date: Thu, 12 Nov 2009 10:39:54 +0000
Subject: [PATCH] [Bugfix] Use /dev/urandom when available for xauth cookie
 generation (alan dot coopersmith at sun dot com)

git-svn-id: svn://svn.code.sf.net/p/tigervnc/code/branches/1_0@3921 3789f03b-4d11-0410-bbf8-ca57d06f2519
---
 unix/vncserver | 25 +++++++++++++++++--------
 1 file changed, 17 insertions(+), 8 deletions(-)

diff --git a/unix/vncserver b/unix/vncserver
index 90ef0d24..28764cbe 100755
--- a/unix/vncserver
+++ b/unix/vncserver
@@ -189,16 +189,25 @@ $vncPort = 5900 + $displayNumber;
 $desktopLog = "$vncUserDir/$host:$displayNumber.log";
 unlink($desktopLog);
 
-# Make an X server cookie - use as the seed the sum of the current time, our
-# PID and part of the encrypted form of the password.  Ideally we'd use
-# /dev/urandom, but that's only available on Linux.
-
-srand(time+$$+unpack("L",`cat $vncUserDir/passwd`));
-$cookie = "";
-for (1..16) {
+# Make an X server cookie - use /dev/urandom on systems that have it,
+# otherwise use perl's random number generator, seeded with the sum
+# of the current time, our PID and part of the encrypted form of the password.
+
+my $cookie = "";
+if (open(URANDOM, '<', '/dev/urandom')) {
+  my $randata;
+  if (sysread(URANDOM, $randata, 16) == 16) {
+    $cookie = unpack 'h*', $randata;
+  }
+  close(URANDOM);
+}
+if ($cookie eq "") {
+  srand(time+$$+unpack("L",`cat $vncUserDir/passwd`));
+  for (1..16) {
     $cookie .= sprintf("%02x", int(rand(256)) % 256);
+  }
 }
-    
+
 system("xauth -f $xauthorityFile add $host:$displayNumber . $cookie");
 system("xauth -f $xauthorityFile add $host/unix:$displayNumber . $cookie"); 
 
-- 
2.39.5