From: Tedd Ho-Jeong An Date: Wed, 8 Dec 2021 22:39:21 +0000 (-0800) Subject: tools/btgatt-server: Replace random number generation function X-Git-Tag: submit/tizen/20220313.220938~13 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=cb67500f230c60a5fbde307ded024c0837c248c5;p=platform%2Fupstream%2Fbluez.git tools/btgatt-server: Replace random number generation function This patch replaces the rand() function to the getrandom() syscall. It was reported by the Coverity scan rand() should not be used for security-related applications, because linear congruential algorithms are too easy to break Signed-off-by: Anuj Jain Signed-off-by: Ayush Garg --- diff --git a/tools/btgatt-server.c b/tools/btgatt-server.c index 4b592a62..6596971f 100755 --- a/tools/btgatt-server.c +++ b/tools/btgatt-server.c @@ -19,6 +19,7 @@ #include #include #include +#include #include "lib/bluetooth.h" #include "lib/hci.h" @@ -283,9 +284,13 @@ static bool hr_msrmt_cb(void *user_data) uint16_t len = 2; uint8_t pdu[4]; uint32_t cur_ee; + uint32_t val; + + if (getrandom(&val, sizeof(val), 0) < 0) + return false; pdu[0] = 0x06; - pdu[1] = 90 + (rand() % 40); + pdu[1] = 90 + (val % 40); if (expended_present) { pdu[0] |= 0x08;
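Review bot: In the hr_msrmt_cb() hunk, the new failure path `if (getrandom(&val, sizeof(val), 0) < 0) return false;` exits silently before any PDU is built, and nothing in the hunk shows what a false return means to the caller of this callback. With flags set to 0, getrandom() can block until the kernel entropy pool is initialized and can fail with EINTR if a signal arrives while it waits, so a transient error would take this path. Since val only varies pdu[1] between 90 and 129 via `90 + (val % 40)`, consider retrying on EINTR, or logging the error and falling back to a fixed value, instead of dropping the measurement. Only a negative return is checked; that is sufficient for a 4-byte request, which getrandom() never returns short, but a brief comment saying so would help the next reader.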