peripheral: Replace random number generation function

This patch replaces the rand() function to the getrandom() syscall.

It was reported by the Coverity scan
  rand() should not be used for security-related applications, because
  linear congruential algorithms are too easy to break

Signed-off-by: Anuj Jain <anuj01.jain@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>

diff --git a/peripheral/main.c b/peripheral/main.c
index 45e103f..b20006e 100755 (executable)
--- a/peripheral/main.c
+++ b/peripheral/main.c
@@ -24,6 +24,7 @@
 #include <sys/stat.h>
 #include <sys/types.h>
 #include <sys/mount.h>
+#include <sys/random.h>
 
 #ifndef WAIT_ANY
 #define WAIT_ANY (-1)
@@ -190,11 +191,11 @@ int main(int argc, char *argv[])
                                                        addr, 6) < 0) {
                        printf("Generating new persistent static address\n");
 
-                       addr[0] = rand();
-                       addr[1] = rand();
-                       addr[2] = rand();
-                       addr[3] = 0x34;
-                       addr[4] = 0x12;
+                       if (getrandom(addr, sizeof(addr), 0) < 0) {
+                               perror("Failed to get random static address");
+                               return EXIT_FAILURE;
+                       }
+                       /* Overwrite the MSB to make it a static address */
                        addr[5] = 0xc0;
 
                        efivars_write("BluetoothStaticAddress",