From: Tedd Ho-Jeong An <tedd.an@xxxxxxxxx>
This patch replaces the rand() function to the l_getrandom() from ELL,
which uses the getrandom() system call.
It was reported by the Coverity scan
rand() should not be used for security-related applications, because
linear congruential algorithms are too easy to break
---
Makefile.plugins | 1 +
profiles/health/hdp.c | 8 ++++----
2 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/Makefile.plugins b/Makefile.plugins
index c771b2dfb..7817035c6 100644
--- a/Makefile.plugins
+++ b/Makefile.plugins
@@ -87,6 +87,7 @@ builtin_sources += profiles/health/mcap.h profiles/health/mcap.c \
profiles/health/hdp_manager.c \
profiles/health/hdp.h profiles/health/hdp.c \
profiles/health/hdp_util.h profiles/health/hdp_util.c
+builtin_ldadd += src/libshared-ell.la $(ell_ldadd)
endif
builtin_modules += gap
diff --git a/profiles/health/hdp.c b/profiles/health/hdp.c
index 6bc41946f..e77f963a4 100644
--- a/profiles/health/hdp.c
+++ b/profiles/health/hdp.c
@@ -16,6 +16,7 @@
#include <stdint.h>
#include <stdbool.h>
#include <unistd.h>
+#include <ell/ell.h>
#include <glib.h>
@@ -1484,13 +1485,12 @@ static void destroy_create_dc_data(gpointer data)
static void *generate_echo_packet(void)
{
uint8_t *buf;
- int i;
buf = g_malloc(HDP_ECHO_LEN);
- srand(time(NULL));
+ if (buf == NULL)
+ return NULL;
- for(i = 0; i < HDP_ECHO_LEN; i++)
- buf[i] = rand() % UINT8_MAX;
+ l_getrandom(buf, HDP_ECHO_LEN);
return buf;
}
--
2.25.1
