random: fix random logic with getrandom

The older random functions returned random values in the range of
0 - RAND_MAX. This is what the http randomize code was expecting.

Newer methods, based on getrandom (or probably Windows too), return
a much large range of values, including negative values and >RAND_MAX.

This patch adds a wrapper to turn the returned value into the expected
range before using it in the http code.

The same is true for the stream engine.

src/app-layer-htp.c

@@ -2208,6 +2208,16 @@ static void HTPConfigSetDefaultsPhase1(HTPCfgRec *cfg_prec)
     return;
 }
 
+/* hack: htp random range code expects random values in range of 0-RAND_MAX,
+ * but we can get both <0 and >RAND_MAX values from RandomGet
+ */
+static int RandomGetWrap(void)
+{
+    long int r = RandomGet();
+    int r_int = r % (long int)RAND_MAX;
+    return abs(r_int);
+}
+
 /*
  * We have this splitup so that in case double decoding has been enabled
  * for query and path, they would be called first on the callback queue,
@@ -2220,12 +2230,12 @@ static void HTPConfigSetDefaultsPhase2(const char *name, HTPCfgRec *cfg_prec)
     if (cfg_prec->randomize) {
         int rdrange = cfg_prec->randomize_range;
 
-        long int r = RandomGet();
+        long int r = RandomGetWrap();
         cfg_prec->request.inspect_min_size +=
             (int) (cfg_prec->request.inspect_min_size *
                    (r * 1.0 / RAND_MAX - 0.5) * rdrange / 100);
 
-        r = RandomGet();
+        r = RandomGetWrap();
         cfg_prec->request.inspect_window +=
             (int) (cfg_prec->request.inspect_window *
                    (r * 1.0 / RAND_MAX - 0.5) * rdrange / 100);
@@ -2237,12 +2247,12 @@ static void HTPConfigSetDefaultsPhase2(const char *name, HTPCfgRec *cfg_prec)
                   cfg_prec->request.inspect_window);
 
 
-        r = RandomGet();
+        r = RandomGetWrap();
         cfg_prec->response.inspect_min_size +=
             (int) (cfg_prec->response.inspect_min_size *
                    (r * 1.0 / RAND_MAX - 0.5) * rdrange / 100);
 
-        r = RandomGet();
+        r = RandomGetWrap();
         cfg_prec->response.inspect_window +=
             (int) (cfg_prec->response.inspect_window *
                    (r * 1.0 / RAND_MAX - 0.5) * rdrange / 100);

src/stream-tcp.c

@@ -312,6 +312,16 @@ int StreamTcpInlineDropInvalid(void)
             && (stream_config.flags & STREAMTCP_INIT_FLAG_DROP_INVALID));
 }
 
+/* hack: stream random range code expects random values in range of 0-RAND_MAX,
+ * but we can get both <0 and >RAND_MAX values from RandomGet
+ */
+static int RandomGetWrap(void)
+{
+    long int r = RandomGet();
+    int r_int = r % (long int)RAND_MAX;
+    return abs(r_int);
+}
+
 /** \brief          To initialize the stream global configuration data
  *
  *  \param  quiet   It tells the mode of operation, if it is TRUE nothing will
@@ -540,7 +550,7 @@ void StreamTcpInitConfig(char quiet)
     }
 
     if (randomize) {
-        long int r = RandomGet();
+        long int r = RandomGetWrap();
         stream_config.reassembly_toserver_chunk_size +=
             (int) (stream_config.reassembly_toserver_chunk_size *
                    (r * 1.0 / RAND_MAX - 0.5) * rdrange / 100);
@@ -562,7 +572,7 @@ void StreamTcpInitConfig(char quiet)
     }
 
     if (randomize) {
-        long int r = RandomGet();
+        long int r = RandomGetWrap();
         stream_config.reassembly_toclient_chunk_size +=
             (int) (stream_config.reassembly_toclient_chunk_size *
                    (r * 1.0 / RAND_MAX - 0.5) * rdrange / 100);