From d27c820595175ed563b4d4ee5d0f421011891572 Mon Sep 17 00:00:00 2001
From: Paul Eggert <eggert@cs.ucla.edu>
Date: Mon, 22 Aug 2022 15:43:18 -0500
Subject: [PATCH 3/3] tempname: don't lose entropy in seed

* lib/tempname.c (random_bits): Don't lose entropy in S
in the rare case where where the template has more than 10 Xs.
From a suggestion by Bruno Haible in:
https://bugs.gnu.org/57129#149
---
 ChangeLog      |  7 +++++++
 lib/tempname.c | 11 +++++++----
 2 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index ed99c845f7..4d1c92cd81 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,11 @@
 2022-08-22  Paul Eggert  <eggert@cs.ucla.edu>
 
+	tempname: don't lose entropy in seed
+	* lib/tempname.c (random_bits): Don't lose entropy in S
+	in the rare case where where the template has more than 10 Xs.
+	From a suggestion by Bruno Haible in:
+	https://bugs.gnu.org/57129#149
+
 	tempname: fix multithreading, ASLR leak etc.
 	Fix problems with tempname and multithreading, entropy loss,
 	and missing clock data (this last on non-GNU platforms).
@@ -23,6 +29,7 @@
 	Do not try to use a static var as that has issues if multithreaded.
 	Instead, simply generate new random bits.
 	Worry about bias only with high-quality random bits.
+
 	* modules/tempname (Depends-on): Do not depend on stdalign.
 
 	tempname: merge 64-bit time_t fix from glibc
diff --git a/lib/tempname.c b/lib/tempname.c
index bc1f7c14dd..0e2f29f5de 100644
--- a/lib/tempname.c
+++ b/lib/tempname.c
@@ -114,7 +114,7 @@ random_bits (random_value *r, random_value s)
 
      Of course we are in a state of sin here.  */
 
-  random_value v = 0;
+  random_value v = s;
 
 #if _LIBC || (defined CLOCK_REALTIME && HAVE_CLOCK_GETTIME)
   struct __timespec64 tv;
@@ -298,7 +298,9 @@ try_tempname_len (char *tmpl, int suffixlen, void *args,
   /* A random variable.  */
   random_value v = 0;
 
-  /* How many random base-62 digits can currently be extracted from V.  */
+  /* A value derived from the random variable, and how many random
+     base-62 digits can currently be extracted from VDIGBUF.  */
+  random_value vdigbuf;
   int vdigits = 0;
 
   /* Least biased value for V.  If V is less than this, V can generate
@@ -327,11 +329,12 @@ try_tempname_len (char *tmpl, int suffixlen, void *args,
               while (random_bits (&v, v) && biased_min <= v)
                 continue;
 
+              vdigbuf = v;
               vdigits = BASE_62_DIGITS;
             }
 
-          XXXXXX[i] = letters[v % 62];
-          v /= 62;
+          XXXXXX[i] = letters[vdigbuf % 62];
+          vdigbuf /= 62;
           vdigits--;
         }
 
-- 
2.37.2