From: Tedd Ho-Jeong An <tedd.an@xxxxxxxxx>
This patch replaces the rand() function to the l_getrandom() from ELL, which uses the getrandom() system call. It was reported by the Coverity scan rand() should not be used for security-related applications, because linear congruential algorithms are too easy to break
---
 Makefile.plugins | 1 +
 plugins/autopair.c | 3 ++-
 2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/Makefile.plugins b/Makefile.plugins
index 7693c767f..c771b2dfb 100644
--- a/Makefile.plugins
+++ b/Makefile.plugins
@@ -7,6 +7,7 @@ builtin_sources += plugins/wiimote.c
 builtin_modules += autopair
 builtin_sources += plugins/autopair.c
+builtin_ldadd += src/libshared-ell.la $(ell_ldadd)
 builtin_modules += policy
 builtin_sources += plugins/policy.c
diff --git a/plugins/autopair.c b/plugins/autopair.c
index 665a4f4a6..474209fd2 100644
--- a/plugins/autopair.c
+++ b/plugins/autopair.c
@@ -17,6 +17,7 @@
 #include <fcntl.h>
 #include <unistd.h>
 #include <errno.h>
+#include <ell/ell.h>
 #include <glib.h>
@@ -130,7 +131,7 @@ static ssize_t autopair_pincb(struct btd_adapter *adapter,
 return 0;
 snprintf(pinstr, sizeof(pinstr), "%06u",
- rand() % 1000000);
+ l_getrandom_uint32() % 1000000);
 *display = true;
 memcpy(pinbuf, pinstr, 6);
 return 6;
-- 2.25.1
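Review bot: The PIN now depends on `l_getrandom_uint32()`, which has no way to report failure; if I remember ELL correctly it falls back to `random()` when getrandom() cannot deliver, which would quietly bring back the weak generator this change removes, so please confirm against the ELL source. Calling `l_getrandom(&val, sizeof(val))` and checking its result makes the failure visible, and returning 0 there would match the earlier `return 0;` in the hunk, which I assume means no PIN is offered. Separately, `% 1000000` on a 32-bit value is slightly non-uniform because 2^32 is not a multiple of 1000000; rejecting values at or above 4294000000 removes that. autopair_pincb starts and ends outside the hunk, so `val` would need declaring with the other locals.

```c
	uint32_t val;

	/* … unchanged: earlier checks ending in return 0 … */

	/* Draw until val falls below the largest multiple of 1000000,
	 * so that val % 1000000 is uniform over 000000-999999. */
	do {
		if (!l_getrandom(&val, sizeof(val)))
			return 0;
	} while (val >= UINT32_MAX - (UINT32_MAX % 1000000));

	snprintf(pinstr, sizeof(pinstr), "%06u", val % 1000000);
	/* … unchanged: *display, memcpy and return 6 … */
```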