tools/btgatt-server: Replace random number generation function

This patch replaces the rand() function to the getrandom() syscall.

It was reported by the Coverity scan
  rand() should not be used for security-related applications, because
  linear congruential algorithms are too easy to break

Signed-off-by: Anuj Jain <anuj01.jain@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>

diff --git a/tools/btgatt-server.c b/tools/btgatt-server.c
index 4b592a6..6596971 100755 (executable)
--- a/tools/btgatt-server.c
+++ b/tools/btgatt-server.c
@@ -19,6 +19,7 @@
 #include <getopt.h>
 #include <unistd.h>
 #include <errno.h>
+#include <sys/random.h>
 
 #include "lib/bluetooth.h"
 #include "lib/hci.h"
@@ -283,9 +284,13 @@ static bool hr_msrmt_cb(void *user_data)
        uint16_t len = 2;
        uint8_t pdu[4];
        uint32_t cur_ee;
+       uint32_t val;
+
+       if (getrandom(&val, sizeof(val), 0) < 0)
+               return false;
 
        pdu[0] = 0x06;
-       pdu[1] = 90 + (rand() % 40);
+       pdu[1] = 90 + (val % 40);
 
        if (expended_present) {
                pdu[0] |= 0x08;