diff --git a/lib/handshake.c b/lib/handshake.c
index 7c8310f6..e89bd016 100644
--- a/lib/handshake.c
+++ b/lib/handshake.c
@@ -421,7 +421,7 @@ handshake_0405(struct libwebsocket *wsi)
 				
 				if (ext_count)
 					*p++ = ',';
-				p += sprintf(p, ext_name);
+				p += sprintf(p, "%s", ext_name);
 				ext_count++;
 
 				/* instantiate the extension on this conn */
diff --git a/lib/libwebsockets.c b/lib/libwebsockets.c
index 80d17de6..9bb44b48 100644
--- a/lib/libwebsockets.c
+++ b/lib/libwebsockets.c
@@ -1187,8 +1187,9 @@ libwebsocket_service_fd(struct libwebsocket_context *context,
 					NULL, &p, (pkt + sizeof(pkt)) - p - 12);
 
 			p += sprintf(p, "\x0d\x0a");
-			
-			read(context->fd_random, p, 8);
+
+			if (libwebsockets_get_random(context, p, 8) != 8)
+				return -1;
 			memcpy(&challenge[8], p, 8);
 			p += 8;
 			
@@ -1242,7 +1243,7 @@ libwebsocket_service_fd(struct libwebsocket_context *context,
 			
 			if (ext_count)
 				*p++ = ',';
-			p += sprintf(p, ext->name);
+			p += sprintf(p, "%s", ext->name);
 			ext_count++;
 
 			ext++;