emulator: Replace random number generation function

This patch replaces the rand() function to the getrandom() syscall. It was reported by the Coverity scan rand() should not be used for security-related applications, because linear congruential algorithms are too easy to break
author: Tedd Ho-Jeong An <tedd.an@intel.com> 2021-12-08 14:39:19 -0800
committer: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> 2021-12-08 16:56:17 -0800
commit: df64c87022246022340f0f572b2737cd7ff886f8 (patch)
tree: 2075c058daf47235341ca9ab7fb8bd79af2a3d25 /emulator/le.c
parent: 433f7cce3bc68a05bc7a977aa8e130065872ef3d (diff)
download: bluez-df64c87022246022340f0f572b2737cd7ff886f8.tar.gz
1 files changed, 9 insertions, 2 deletions
diff --git a/emulator/le.c b/emulator/le.c
index 07a44c5f1..f8f313f2c 100644
--- a/emulator/le.c
+++ b/emulator/le.c
@@ -20,6 +20,7 @@
 #include <sys/socket.h>
 #include <sys/un.h>
 #include <sys/uio.h>
+#include <sys/random.h>
 #include <time.h>
 
 #include "lib/bluetooth.h"
@@ -503,11 +504,17 @@ static void send_adv_pkt(struct bt_le *hci, uint8_t channel)
 
 static unsigned int get_adv_delay(void)
 {
+	unsigned int val;
+
 	/* The advertising delay is a pseudo-random value with a range
 	 * of 0 ms to 10 ms generated for each advertising event.
 	 */
-	srand(time(NULL));
-	return (rand() % 11);
+	if (getrandom(&val, sizeof(val), 0) < 0) {
+		/* If it fails to get the random number, use a static value */
+		val = 5;
+	}
+
+	return (val % 11);
 }
 
 static void adv_timeout_callback(int id, void *user_data)
author	Tedd Ho-Jeong An <tedd.an@intel.com>	2021-12-08 14:39:19 -0800
committer	Luiz Augusto von Dentz <luiz.von.dentz@intel.com>	2021-12-08 16:56:17 -0800
commit	df64c87022246022340f0f572b2737cd7ff886f8 (patch)
tree	2075c058daf47235341ca9ab7fb8bd79af2a3d25 /emulator/le.c
parent	433f7cce3bc68a05bc7a977aa8e130065872ef3d (diff)
download	bluez-df64c87022246022340f0f572b2737cd7ff886f8.tar.gz