peripheral: Replace random number generation function

This patch replaces the rand() function to the getrandom() syscall. It was reported by the Coverity scan rand() should not be used for security-related applications, because linear congruential algorithms are too easy to break
author: Tedd Ho-Jeong An <tedd.an@intel.com> 2021-12-08 14:39:20 -0800
committer: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> 2021-12-08 16:56:18 -0800
commit: a11eea9259212fca4d028746c3107258021a8554 (patch)
tree: 568e1e62442db3718303c49c319654dfa3eda4a2 /peripheral
parent: df64c87022246022340f0f572b2737cd7ff886f8 (diff)
download: bluez-a11eea9259212fca4d028746c3107258021a8554.tar.gz
1 files changed, 6 insertions, 5 deletions
diff --git a/peripheral/main.c b/peripheral/main.c
index 86b52236e..0f5210403 100644
--- a/peripheral/main.c
+++ b/peripheral/main.c
@@ -25,6 +25,7 @@
 #include <sys/stat.h>
 #include <sys/types.h>
 #include <sys/mount.h>
+#include <sys/random.h>
 
 #ifndef WAIT_ANY
 #define WAIT_ANY (-1)
@@ -191,11 +192,11 @@ int main(int argc, char *argv[])
 							addr, 6) < 0) {
 			printf("Generating new persistent static address\n");
 
-			addr[0] = rand();
-			addr[1] = rand();
-			addr[2] = rand();
-			addr[3] = 0x34;
-			addr[4] = 0x12;
+			if (getrandom(addr, sizeof(addr), 0) < 0) {
+				perror("Failed to get random static address");
+				return EXIT_FAILURE;
+			}
+			/* Overwrite the MSB to make it a static address */
 			addr[5] = 0xc0;
 
 			efivars_write("BluetoothStaticAddress",
author	Tedd Ho-Jeong An <tedd.an@intel.com>	2021-12-08 14:39:20 -0800
committer	Luiz Augusto von Dentz <luiz.von.dentz@intel.com>	2021-12-08 16:56:18 -0800
commit	a11eea9259212fca4d028746c3107258021a8554 (patch)
tree	568e1e62442db3718303c49c319654dfa3eda4a2 /peripheral
parent	df64c87022246022340f0f572b2737cd7ff886f8 (diff)
download	bluez-a11eea9259212fca4d028746c3107258021a8554.tar.gz