This patch replaces the rand() function with the getrandom() syscall.
It was reported by the Coverity scan:
rand() should not be used for security-related applications, because
linear congruential algorithms are too easy to break.
Signed-off-by: Anuj Jain <anuj01.jain@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
#include <stdint.h>
#include <stdbool.h>
#include <unistd.h>
#include <stdint.h>
#include <stdbool.h>
#include <unistd.h>
static void *generate_echo_packet(void)
{
uint8_t *buf;
static void *generate_echo_packet(void)
{
uint8_t *buf;
buf = g_malloc(HDP_ECHO_LEN);
buf = g_malloc(HDP_ECHO_LEN);
+ if (!buf)
+ return NULL;
- for(i = 0; i < HDP_ECHO_LEN; i++)
- buf[i] = rand() % UINT8_MAX;
+ if (getrandom(buf, HDP_ECHO_LEN, 0) < 0) {
+ g_free(buf);
+ return NULL;
+ }
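Review bot: The `getrandom()` check in generate_echo_packet() only rejects a negative return, so a short read would leave the tail of `buf` uninitialised (g_malloc() does not zero memory) and those heap bytes would be sent in the echo packet. Compare against the requested length instead: `if (getrandom(buf, HDP_ECHO_LEN, 0) != HDP_ECHO_LEN) {`. The function can now return NULL, so each caller needs a NULL check; the callers and the rest of the function body are outside this hunk. The added `if (!buf)` test is likely dead code, since g_malloc() aborts on allocation failure rather than returning NULL for a non-zero size.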
#include <stdlib.h>
#include <errno.h>
#include <unistd.h>
#include <stdlib.h>
#include <errno.h>
#include <unistd.h>
{
struct mcap_mcl *mcl;
struct connect_mcl *con;
{
struct mcap_mcl *mcl;
struct connect_mcl *con;
mcl = find_mcl(mi->mcls, addr);
if (mcl) {
mcl = find_mcl(mi->mcls, addr);
if (mcl) {
mcl->state = MCL_IDLE;
bacpy(&mcl->addr, addr);
set_default_cb(mcl);
mcl->state = MCL_IDLE;
bacpy(&mcl->addr, addr);
set_default_cb(mcl);
- mcl->next_mdl = (rand() % MCAP_MDLID_FINAL) + 1;
+ if (getrandom(&val, sizeof(val), 0) < 0) {
+ mcap_instance_unref(mcl->mi);
+ g_free(mcl);
+ return FALSE;
+ }
+ mcl->next_mdl = (val % MCAP_MDLID_FINAL) + 1;
}
mcl->ctrl |= MCAP_CTRL_CONN;
}
mcl->ctrl |= MCAP_CTRL_CONN;
bdaddr_t dst;
char address[18], srcstr[18];
GError *err = NULL;
bdaddr_t dst;
char address[18], srcstr[18];
GError *err = NULL;
mcl->mi = mcap_instance_ref(mi);
bacpy(&mcl->addr, &dst);
set_default_cb(mcl);
mcl->mi = mcap_instance_ref(mi);
bacpy(&mcl->addr, &dst);
set_default_cb(mcl);
- mcl->next_mdl = (rand() % MCAP_MDLID_FINAL) + 1;
+ if (getrandom(&val, sizeof(val), 0) < 0) {
+ mcap_instance_unref(mcl->mi);
+ g_free(mcl);
+ goto drop;
+ }
+ mcl->next_mdl = (val % MCAP_MDLID_FINAL) + 1;
}
set_mcl_conf(chan, mcl);
}
set_mcl_conf(chan, mcl);
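Review bot: The declaration of `val` is not visible in either MCAP hunk, and its type decides whether `(val % MCAP_MDLID_FINAL) + 1` stays in range: with a signed type the remainder can be negative and `next_mdl` would start outside 1..MCAP_MDLID_FINAL. Declare it unsigned in both functions, for example `uint16_t val;`. In the first hunk the new `return FALSE` path reports nothing to the caller. If that function exposes an error out-parameter (its signature is outside the hunk), it should be set there, and a log line on both failure paths would make a failing getrandom() diagnosable. With flags `0`, getrandom() can block until the kernel pool is initialised, which is worth a comment because the second hunk appears to run while handling an incoming connection.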