@@ -25,6 +25,7 @@
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/mount.h>
+#include <sys/random.h>
#ifndef WAIT_ANY
#define WAIT_ANY (-1)
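Review bot: `<sys/random.h>` is included unconditionally here, and that header only exists on glibc 2.25 and later (the underlying syscall needs Linux 3.17), so the build fails on older toolchains. No configure check or fallback is visible in this patch. If such targets are still supported, the include and the getrandom() call in main() should be guarded, for example with a `HAVE_SYS_RANDOM_H` test from configure and a read of `/dev/urandom` as the fallback path.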
@@ -191,11 +192,11 @@ int main(int argc, char *argv[])
addr, 6) < 0) {
printf("Generating new persistent static address\n");
- addr[0] = rand();
- addr[1] = rand();
- addr[2] = rand();
- addr[3] = 0x34;
- addr[4] = 0x12;
+ if (getrandom(addr, sizeof(addr), 0) < 0) {
+ perror("Failed to get random static address");
+ return EXIT_FAILURE;
+ }
+ /* Overwrite the MSB to make it a static address */
addr[5] = 0xc0;
efivars_write("BluetoothStaticAddress",
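Review bot: `addr[5] = 0xc0;` replaces the whole top byte that getrandom() has just filled, so six random bits are discarded; a static random address only needs its two most significant bits set, which `addr[5] |= 0xc0;` does while keeping the rest. The comment would then read `/* Set the two most significant bits to mark it as a static address */`, since "MSB" here means a byte, not a bit. `sizeof(addr)` equals the intended 6 bytes only if `addr` is declared as an array in the part of main() outside this hunk, which is worth confirming because the neighbouring call passes a literal 6. With flags 0, getrandom() can also block until the kernel pool is initialised, and this program appears to run early in boot (it includes `<sys/mount.h>`), so a long wait there should be a considered choice.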
From: Tedd Ho-Jeong An <tedd.an@intel.com> This patch replaces the rand() function with the getrandom() syscall. The Coverity scan reported that rand() should not be used for security-related applications, because linear congruential algorithms are too easy to break. --- peripheral/main.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-)