From: Tedd Ho-Jeong An <tedd.an@xxxxxxxxx>
This patch replaces the rand() function to the l_getrandom() from ELL, which uses the getrandom() system call. It was reported by the Coverity scan rand() should not be used for security-related applications, because linear congruential algorithms are too easy to break
---
 Makefile.tools | 4 ++--
 tools/btgatt-server.c | 3 ++-
 2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/Makefile.tools b/Makefile.tools
index 63b52c386..45470b767 100644
--- a/Makefile.tools
+++ b/Makefile.tools
@@ -287,8 +287,8 @@ tools_btgatt_client_LDADD = src/libshared-mainloop.la \
 tools_btgatt_server_SOURCES = tools/btgatt-server.c src/uuid-helper.c
 tools_btgatt_server_LDADD = src/libshared-mainloop.la \
- lib/libbluetooth-internal.la
-
+ lib/libbluetooth-internal.la \
+ src/libshared-ell.la $(ell_ldadd)
 tools_rctest_LDADD = lib/libbluetooth-internal.la
 tools_l2test_LDADD = lib/libbluetooth-internal.la
diff --git a/tools/btgatt-server.c b/tools/btgatt-server.c
index 000145a3d..d2a877275 100644
--- a/tools/btgatt-server.c
+++ b/tools/btgatt-server.c
@@ -20,6 +20,7 @@
 #include <getopt.h>
 #include <unistd.h>
 #include <errno.h>
+#include <ell/ell.h>
 #include "lib/bluetooth.h"
 #include "lib/hci.h"
@@ -286,7 +287,7 @@ static bool hr_msrmt_cb(void *user_data)
 uint32_t cur_ee;
 pdu[0] = 0x06;
- pdu[1] = 90 + (rand() % 40);
+ pdu[1] = 90 + (l_getrandom_uint32() % 40);
 if (expended_present) {
 pdu[0] |= 0x08;
--
2.25.1
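Review bot: The two added `tools_btgatt_server_LDADD` lines make btgatt-server link against `src/libshared-ell.la` and `$(ell_ldadd)` unconditionally, and the hunk does not show whether both are always defined by the build. If they are only available when ELL support is configured, this target needs the same guard, otherwise the tool presumably stops linking in builds without ELL. Calling getrandom() directly in tools/btgatt-server.c would avoid the new library dependency for a single call. The hunk also removes the blank line that separated this target from `tools_rctest_LDADD`; keeping it would leave the targets visually separated as before.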
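Review bot: The new line `pdu[1] = 90 + (l_getrandom_uint32() % 40);` calls `l_getrandom_uint32()`, while the commit message names `l_getrandom()`. These are different functions: `l_getrandom()` returns a bool the caller can check, whereas `l_getrandom_uint32()` cannot report failure, so the message should name the one actually used. The result is confined to 90..129 and looks like a simulated measurement rather than a key, nonce or token, so a comment such as `/* simulated heart rate, 90..129; not used as a secret */` would let the next reader judge the Coverity finding in context. The `% 40` reduction is very slightly biased because 2^32 is not a multiple of 40, which is harmless for a sample value but should not be copied into code that needs a uniform secret. hr_msrmt_cb starts and ends outside the hunk.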