[BlueZ PATCH 4/5] plugins: Replace random number generation function

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



From: Tedd Ho-Jeong An <tedd.an@xxxxxxxxx>

This patch replaces the rand() function to the l_getrandom() from ELL,
which uses the getrandom() system call.

It was reported by the Coverity scan
  rand() should not be used for security-related applications, because
  linear congruential algorithms are too easy to break
---
 Makefile.plugins   | 1 +
 plugins/autopair.c | 3 ++-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/Makefile.plugins b/Makefile.plugins
index 7693c767f..c771b2dfb 100644
--- a/Makefile.plugins
+++ b/Makefile.plugins
@@ -7,6 +7,7 @@ builtin_sources += plugins/wiimote.c
 
 builtin_modules += autopair
 builtin_sources += plugins/autopair.c
+builtin_ldadd += src/libshared-ell.la $(ell_ldadd)
 
 builtin_modules += policy
 builtin_sources += plugins/policy.c
diff --git a/plugins/autopair.c b/plugins/autopair.c
index 665a4f4a6..474209fd2 100644
--- a/plugins/autopair.c
+++ b/plugins/autopair.c
@@ -17,6 +17,7 @@
 #include <fcntl.h>
 #include <unistd.h>
 #include <errno.h>
+#include <ell/ell.h>
 
 #include <glib.h>
 
@@ -130,7 +131,7 @@ static ssize_t autopair_pincb(struct btd_adapter *adapter,
 				return 0;
 
 			snprintf(pinstr, sizeof(pinstr), "%06u",
-						rand() % 1000000);
+						l_getrandom_uint32() % 1000000);
 			*display = true;
 			memcpy(pinbuf, pinstr, 6);
 			return 6;
-- 
2.25.1




[Index of Archives]     [Bluez Devel]     [Linux Wireless Networking]     [Linux Wireless Personal Area Networking]     [Linux ATH6KL]     [Linux USB Devel]     [Linux Media Drivers]     [Linux Audio Users]     [Linux Kernel]     [Linux SCSI]     [Big List of Linux Books]

  Powered by Linux