From cb67500f230c60a5fbde307ded024c0837c248c5 Mon Sep 17 00:00:00 2001
From: Tedd Ho-Jeong An
Date: Wed, 8 Dec 2021 14:39:21 -0800
Subject: [PATCH] tools/btgatt-server: Replace random number generation function

This patch replaces the rand() function to the getrandom() syscall. It was reported by the Coverity scan rand() should not be used for security-related applications, because linear congruential algorithms are too easy to break

Signed-off-by: Anuj Jain
Signed-off-by: Ayush Garg
---
 tools/btgatt-server.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/tools/btgatt-server.c b/tools/btgatt-server.c
index 4b592a62..6596971f 100755
--- a/tools/btgatt-server.c
+++ b/tools/btgatt-server.c
@@ -19,6 +19,7 @@
 #include
 #include
 #include
+#include

 #include "lib/bluetooth.h"
 #include "lib/hci.h"
@@ -283,9 +284,13 @@ static bool hr_msrmt_cb(void *user_data)
 uint16_t len = 2;
 uint8_t pdu[4];
 uint32_t cur_ee;
+ uint32_t val;
+
+ if (getrandom(&val, sizeof(val), 0) < 0)
+ return false;

 pdu[0] = 0x06;
- pdu[1] = 90 + (rand() % 40);
+ pdu[1] = 90 + (val % 40);

 if (expended_present) {
 pdu[0] |= 0x08;
--
2.34.1
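Review bot: The new `getrandom()` check in the second hunk only rejects a negative return, yet with flags 0 the call can fail with EINTR while it blocks for the entropy pool early after boot, and in that case hr_msrmt_cb returns false; judging by the name this looks like a periodic timer callback, so a single transient error would presumably stop heart-rate notifications for good rather than skip one measurement. Suggest treating only a full read as success and retrying the interruptible case, e.g. `while (getrandom(&val, sizeof(val), 0) != (ssize_t)sizeof(val)) { if (errno != EINTR) return false; }`, or at least adding a comment stating that returning false here intentionally ends the timer. Note also that the header added in the first hunk shows no name in this rendering (likely lost in extraction); getrandom() is declared in <sys/random.h> on glibc 2.25 and later, and older toolchains that BlueZ tools still build on need a syscall(SYS_getrandom) fallback or a configure-time check. The body of hr_msrmt_cb continues beyond the hunk, so the effect of the false return cannot be confirmed from this patch alone.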