gzhttp: Fix crypto/rand.Read usage (#770)

rand.Reader.Read(p) is allowed to return < len(p) bytes and no error, and the Mac implementation sometimes does. I don't know if it will do that for len(p) == 4, but rand.Read is safer in any case.
klauspost · Mar 7, 2023 · 0ba0010 · 0ba0010
1 parent cd2407a
commit 0ba0010
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/gzhttp/compress.go b/gzhttp/compress.go
@@ -231,9 +231,9 @@ func (w *GzipResponseWriter) startGzip(remain []byte) error {
 			} else {
 				// Get from rand.Reader
 				var tmp [4]byte
-				_, err := rand.Reader.Read(tmp[:])
+				_, err := rand.Read(tmp[:])
 				if err != nil {
-					return err
+					return fmt.Errorf("gzhttp: %w", err)
 				}
 				jitRNG = binary.LittleEndian.Uint32(tmp[:])
 			}