This patch replaces the rand() function with the getrandom() syscall.
The issue was reported by the Coverity scan:
rand() should not be used for security-related applications, because
linear congruential algorithms are too easy to break.
Signed-off-by: Anuj Jain <anuj01.jain@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/mount.h>
+#include <sys/random.h>
#ifndef WAIT_ANY
#define WAIT_ANY (-1)
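Review bot: `<sys/random.h>` is included unconditionally, but the header and the getrandom() wrapper only exist in glibc 2.25 and later, so an older toolchain would fail to build this file. No configure-time check is visible in this patch. If the build system does not already test for the header, guard the include (with autoconf's header check that would be `#ifdef HAVE_SYS_RANDOM_H`) and fall back to reading /dev/urandom rather than back to rand().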
addr, 6) < 0) {
printf("Generating new persistent static address\n");
- addr[0] = rand();
- addr[1] = rand();
- addr[2] = rand();
- addr[3] = 0x34;
- addr[4] = 0x12;
+ if (getrandom(addr, sizeof(addr), 0) < 0) {
+ perror("Failed to get random static address");
+ return EXIT_FAILURE;
+ }
+ /* Overwrite the MSB to make it a static address */
addr[5] = 0xc0;
efivars_write("BluetoothStaticAddress",
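Review bot: `addr[5] = 0xc0;` throws away the six random bits getrandom() just wrote into the top byte, leaving 40 random bits instead of the 46 a static address allows; `addr[5] |= 0xc0;` keeps them while still forcing the two most significant bits to 1. The new comment would then read more accurately as `/* Set the two most significant bits to mark it as a static address */`. `sizeof(addr)` is only the intended 6 if `addr` is an array in this scope; its declaration is outside the hunk, and the neighbouring read call passes a literal 6. getrandom() with flags 0 blocks until the kernel's random pool is initialised, so confirm that is acceptable if this code can run very early in boot.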