diff options
author | Tedd Ho-Jeong An <tedd.an@intel.com> | 2021-12-08 14:39:20 -0800 |
---|---|---|
committer | Luiz Augusto von Dentz <luiz.von.dentz@intel.com> | 2021-12-08 16:56:18 -0800 |
commit | a11eea9259212fca4d028746c3107258021a8554 (patch) | |
tree | 568e1e62442db3718303c49c319654dfa3eda4a2 /peripheral | |
parent | df64c87022246022340f0f572b2737cd7ff886f8 (diff) | |
download | bluez-a11eea9259212fca4d028746c3107258021a8554.tar.gz |
peripheral: Replace random number generation function
This patch replaces the rand() function to the getrandom() syscall.
It was reported by the Coverity scan
rand() should not be used for security-related applications, because
linear congruential algorithms are too easy to break
Diffstat (limited to 'peripheral')
-rw-r--r-- | peripheral/main.c | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/peripheral/main.c b/peripheral/main.c index 86b52236e..0f5210403 100644 --- a/peripheral/main.c +++ b/peripheral/main.c @@ -25,6 +25,7 @@ #include <sys/stat.h> #include <sys/types.h> #include <sys/mount.h> +#include <sys/random.h> #ifndef WAIT_ANY #define WAIT_ANY (-1) @@ -191,11 +192,11 @@ int main(int argc, char *argv[]) addr, 6) < 0) { printf("Generating new persistent static address\n"); - addr[0] = rand(); - addr[1] = rand(); - addr[2] = rand(); - addr[3] = 0x34; - addr[4] = 0x12; + if (getrandom(addr, sizeof(addr), 0) < 0) { + perror("Failed to get random static address"); + return EXIT_FAILURE; + } + /* Overwrite the MSB to make it a static address */ addr[5] = 0xc0; efivars_write("BluetoothStaticAddress", |