From: Tedd Ho-Jeong An <tedd.an@xxxxxxxxx>
This patch replaces the rand() function to the getrandom() syscall.
It was reported by the Coverity scan
rand() should not be used for security-related applications, because
linear congruential algorithms are too easy to break
---
tools/btgatt-server.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/tools/btgatt-server.c b/tools/btgatt-server.c
index 000145a3d..15d49a464 100644
--- a/tools/btgatt-server.c
+++ b/tools/btgatt-server.c
@@ -20,6 +20,7 @@
#include <getopt.h>
#include <unistd.h>
#include <errno.h>
+#include <sys/random.h>
#include "lib/bluetooth.h"
#include "lib/hci.h"
@@ -284,9 +285,13 @@ static bool hr_msrmt_cb(void *user_data)
uint16_t len = 2;
uint8_t pdu[4];
uint32_t cur_ee;
+ uint32_t val;
+
+ if (getrandom(&val, sizeof(val), 0) < 0)
+ return false;
pdu[0] = 0x06;
- pdu[1] = 90 + (rand() % 40);
+ pdu[1] = 90 + (val % 40);
if (expended_present) {
pdu[0] |= 0x08;
--
2.25.1
