Replace the g_random_int() with the getrandom() 29/296829/3
authorilho kim <ilho159.kim@samsung.com>
Fri, 4 Aug 2023 10:33:40 +0000 (19:33 +0900)
committerilho kim <ilho159.kim@samsung.com>
Mon, 7 Aug 2023 01:25:17 +0000 (10:25 +0900)
g_random_int() is not appropriate for cryptographic purposes

Change-Id: I15e5e3b64465a762d3249b77dde7313d93fff951
Signed-off-by: ilho kim <ilho159.kim@samsung.com>
plugin/app2sd/server/app2sd_internals_utils.c

index 678ace0..494db6d 100644 (file)
@@ -25,6 +25,7 @@
 #include <dirent.h>
 #include <glib.h>
 #include <storage-internal.h>
+#include <sys/random.h>
 
 #include "app2sd_internals.h"
 
@@ -354,6 +355,14 @@ char *_app2sd_generate_password(void)
                "!\"#$%&()*+,-./0123456789:;<=>?@ABCDE" \
                "FGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~";
        int i;
+       ssize_t s;
+       unsigned int rand_nums[PASSWD_LEN];
+
+       s = getrandom(rand_nums, sizeof(rand_nums), 0);
+       if (s < 0) {
+               _E("Failed to read random data errno : %d", errno);
+               return NULL;
+       }
 
        /* include null byte */
        passwd = (char *)malloc(sizeof(char) * (PASSWD_LEN + 1));
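Review bot: The `s < 0` check after `getrandom()` rejects only a failed call, so a short read would leave the tail of `rand_nums` uninitialized, and those stack values would then select password characters in the loop further down. The request is `sizeof(unsigned int) * PASSWD_LEN` bytes, and PASSWD_LEN is defined outside this hunk; getrandom(2) only guarantees a complete, uninterrupted read for requests of up to 256 bytes, so a larger request can return fewer bytes. Compare the return value with the requested size: `if (s < 0 || (size_t)s != sizeof(rand_nums)) {`. The log line prints errno, which is only meaningful in the `s < 0` case. The body of _app2sd_generate_password starts before this hunk.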
@@ -363,7 +372,7 @@ char *_app2sd_generate_password(void)
        }
 
        for (i = 0; i < PASSWD_LEN; i++)
-               passwd[i] = charset[g_random_int() % ASCII_PASSWD_CHAR];
+               passwd[i] = charset[rand_nums[i] % ASCII_PASSWD_CHAR];
        passwd[i] = '\0';
 
        return passwd;
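Review bot: `rand_nums` is never cleared, so the words that fully determine the generated password stay on the stack after the function returns. This applies to the success path here and to the allocation-failure path whose closing brace opens this hunk. Wipe the array before each return with a call the compiler cannot drop, for example `explicit_bzero(rand_nums, sizeof(rand_nums));` if the target libc provides it, since a plain `memset` before return may be optimized away. The modulo on a 32-bit value should leave only a negligible bias, assuming ASCII_PASSWD_CHAR is the charset length, which is defined outside the hunk.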