From: Tedd Ho-Jeong An <tedd.an@xxxxxxxxx>
This patch replaces the rand() function to the getrandom() syscall.
It was reported by the Coverity scan
rand() should not be used for security-related applications, because
linear congruential algorithms are too easy to break
---
peripheral/main.c | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/peripheral/main.c b/peripheral/main.c
index 86b52236e..0f5210403 100644
--- a/peripheral/main.c
+++ b/peripheral/main.c
@@ -25,6 +25,7 @@
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/mount.h>
+#include <sys/random.h>
#ifndef WAIT_ANY
#define WAIT_ANY (-1)
@@ -191,11 +192,11 @@ int main(int argc, char *argv[])
addr, 6) < 0) {
printf("Generating new persistent static address\n");
- addr[0] = rand();
- addr[1] = rand();
- addr[2] = rand();
- addr[3] = 0x34;
- addr[4] = 0x12;
+ if (getrandom(addr, sizeof(addr), 0) < 0) {
+ perror("Failed to get random static address");
+ return EXIT_FAILURE;
+ }
+ /* Overwrite the MSB to make it a static address */
addr[5] = 0xc0;
efivars_write("BluetoothStaticAddress",
--
2.25.1
