From: Tedd Ho-Jeong An <tedd.an@xxxxxxxxx>
This patch replaces the rand() function to the getrandom() syscall.
It was reported by the Coverity scan
rand() should not be used for security-related applications, because
linear congruential algorithms are too easy to break
---
emulator/le.c | 11 +++++++++--
emulator/phy.c | 10 ++++++++--
2 files changed, 17 insertions(+), 4 deletions(-)
diff --git a/emulator/le.c b/emulator/le.c
index 07a44c5f1..f8f313f2c 100644
--- a/emulator/le.c
+++ b/emulator/le.c
@@ -20,6 +20,7 @@
#include <sys/socket.h>
#include <sys/un.h>
#include <sys/uio.h>
+#include <sys/random.h>
#include <time.h>
#include "lib/bluetooth.h"
@@ -503,11 +504,17 @@ static void send_adv_pkt(struct bt_le *hci, uint8_t channel)
static unsigned int get_adv_delay(void)
{
+ unsigned int val;
+
/* The advertising delay is a pseudo-random value with a range
* of 0 ms to 10 ms generated for each advertising event.
*/
- srand(time(NULL));
- return (rand() % 11);
+ if (getrandom(&val, sizeof(val), 0) < 0) {
+ /* If it fails to get the random number, use a static value */
+ val = 5;
+ }
+
+ return (val % 11);
}
static void adv_timeout_callback(int id, void *user_data)
diff --git a/emulator/phy.c b/emulator/phy.c
index 2ae6ad3a2..44cace438 100644
--- a/emulator/phy.c
+++ b/emulator/phy.c
@@ -19,6 +19,7 @@
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
+#include <sys/random.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <time.h>
@@ -173,8 +174,13 @@ struct bt_phy *bt_phy_new(void)
mainloop_add_fd(phy->rx_fd, EPOLLIN, phy_rx_callback, phy, NULL);
if (!get_random_bytes(&phy->id, sizeof(phy->id))) {
- srandom(time(NULL));
- phy->id = random();
+ if (getrandom(&phy->id, sizeof(phy->id), 0) < 0) {
+ mainloop_remove_fd(phy->rx_fd);
+ close(phy->tx_fd);
+ close(phy->rx_fd);
+ free(phy);
+ return NULL;
+ }
}
bt_phy_send(phy, BT_PHY_PKT_NULL, NULL, 0);
--
2.25.1
