Replace arc4random() % i by arc4random_uniform(i) to avoid modulo bias.

Part of a diff by Matthew Martin, reviewed by deraadt@ and me.

ok deraadt@

2 files changed, 6 insertions, 5 deletions

diff --git a/usr.sbin/npppd/common/slist.c b/usr.sbin/npppd/common/slist.c
index 90d2bb675cf..bb51af25e24 100644
--- a/usr.sbin/npppd/common/slist.c
+++ b/usr.sbin/npppd/common/slist.c
@@ -1,3 +1,4 @@
+/*	$OpenBSD: slist.c,v 1.7 2015/12/17 07:56:01 tb Exp $ */
 /*-
  * Copyright (c) 2009 Internet Initiative Japan Inc.
  * All rights reserved.
@@ -434,7 +435,7 @@ slist_shuffle(slist *list)
 
 	len = slist_length(list);
 	for (i = len; i > 1; i--)
-		slist_swap0(list, i - 1, (int)(arc4random() % i));
+		slist_swap0(list, i - 1, (int)arc4random_uniform(i));
 }
 
 /** Init an iterator. Only one iterator exists.  */
diff --git a/usr.sbin/npppd/pptp/pptpd.c b/usr.sbin/npppd/pptp/pptpd.c
index a60a89d6fe7..be00b47c9bd 100644
--- a/usr.sbin/npppd/pptp/pptpd.c
+++ b/usr.sbin/npppd/pptp/pptpd.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: pptpd.c,v 1.28 2015/12/05 18:43:36 mmcc Exp $	*/
+/*	$OpenBSD: pptpd.c,v 1.29 2015/12/17 07:56:01 tb Exp $	*/
 
 /*-
  * Copyright (c) 2009 Internet Initiative Japan Inc.
@@ -25,12 +25,12 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  */
-/* $Id: pptpd.c,v 1.28 2015/12/05 18:43:36 mmcc Exp $ */
+/* $Id: pptpd.c,v 1.29 2015/12/17 07:56:01 tb Exp $ */
 
 /**@file
  * This file provides a implementation of PPTP daemon.  Currently it
  * provides functions for PAC (PPTP Access Concentrator) only.
- * $Id: pptpd.c,v 1.28 2015/12/05 18:43:36 mmcc Exp $
+ * $Id: pptpd.c,v 1.29 2015/12/17 07:56:01 tb Exp $
  */
 #include <sys/types.h>
 #include <sys/socket.h>
@@ -122,7 +122,7 @@ pptpd_init(pptpd *_this)
 	for (i = 0; i < countof(call) ; i++)
 		call[i] = i + 1;
 	for (i = countof(call); i > 1; i--) {
-		m = arc4random() % i;
+		m = arc4random_uniform(i);
 		call0 = call[m];
 		call[m] = call[i - 1];
 		call[i - 1] = call0;