[BlueZ PATCH 1/5] emulator: Replace random number generation function

Tedd Ho-Jeong An <hj.tedd.an@xxxxxxxxx> · Tue, 7 Dec 2021 16:54:42 -0800

From: Tedd Ho-Jeong An <tedd.an@xxxxxxxxx>

This patch replaces the rand() function to the l_getrandom() from ELL,
which uses the getrandom() system call.

It was reported by the Coverity scan
  rand() should not be used for security-related applications, because
  linear congruential algorithms are too easy to break
---
 Makefile.tools | 3 ++-
 emulator/le.c  | 4 ++--
 emulator/phy.c | 6 ++++--
 3 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/Makefile.tools b/Makefile.tools
index c7bdff83f..8312d4d27 100644
--- a/Makefile.tools
+++ b/Makefile.tools
@@ -93,7 +93,8 @@ emulator_btvirt_SOURCES = emulator/main.c monitor/bt.h \
 				emulator/phy.h emulator/phy.c \
 				emulator/amp.h emulator/amp.c \
 				emulator/le.h emulator/le.c
-emulator_btvirt_LDADD = lib/libbluetooth-internal.la src/libshared-mainloop.la
+emulator_btvirt_LDADD = lib/libbluetooth-internal.la src/libshared-mainloop.la \
+				src/libshared-ell.la $(ell_ldadd)
 
 emulator_b1ee_SOURCES = emulator/b1ee.c
 emulator_b1ee_LDADD = src/libshared-mainloop.la
diff --git a/emulator/le.c b/emulator/le.c
index 07a44c5f1..fed3a7815 100644
--- a/emulator/le.c
+++ b/emulator/le.c
@@ -21,6 +21,7 @@
 #include <sys/un.h>
 #include <sys/uio.h>
 #include <time.h>
+#include <ell/ell.h>
 
 #include "lib/bluetooth.h"
 #include "lib/hci.h"
@@ -506,8 +507,7 @@ static unsigned int get_adv_delay(void)
 	/* The advertising delay is a pseudo-random value with a range
 	 * of 0 ms to 10 ms generated for each advertising event.
 	 */
-	srand(time(NULL));
-	return (rand() % 11);
+	return (l_getrandom_uint32() % 11);
 }
 
 static void adv_timeout_callback(int id, void *user_data)
diff --git a/emulator/phy.c b/emulator/phy.c
index 2ae6ad3a2..570a9c975 100644
--- a/emulator/phy.c
+++ b/emulator/phy.c
@@ -22,6 +22,7 @@
 #include <netinet/in.h>
 #include <netinet/ip.h>
 #include <time.h>
+#include <ell/ell.h>
 
 #include "src/shared/util.h"
 #include "src/shared/mainloop.h"
@@ -152,6 +153,7 @@ static int create_tx_socket(void)
 struct bt_phy *bt_phy_new(void)
 {
 	struct bt_phy *phy;
+	uint64_t phy_id;
 
 	phy = calloc(1, sizeof(*phy));
 	if (!phy)
@@ -173,8 +175,8 @@ struct bt_phy *bt_phy_new(void)
 	mainloop_add_fd(phy->rx_fd, EPOLLIN, phy_rx_callback, phy, NULL);
 
 	if (!get_random_bytes(&phy->id, sizeof(phy->id))) {
-		srandom(time(NULL));
-		phy->id = random();
+		l_getrandom(&phy_id, sizeof(phy_id));
+		phy->id = phy_id;
 	}
 
 	bt_phy_send(phy, BT_PHY_PKT_NULL, NULL, 0);
-- 
2.25.1







