author | Tedd Ho-Jeong An <tedd.an@intel.com> | 2021-12-08 14:39:22 -0800 |
---|---|---|
committer | Luiz Augusto von Dentz <luiz.von.dentz@intel.com> | 2021-12-08 16:56:18 -0800 |
commit | 6efadbcd07955587ff820c1e742c1458c48ae923 (patch) | |
tree | 8bbe7fedcea1710ab3755f8821bbfb516f0f9d78 /plugins | |
parent | 9968b0b66abf6dec89f68447d7158608c105c17c (diff) | |
download | bluez-6efadbcd07955587ff820c1e742c1458c48ae923.tar.gz |
plugins: Replace random number generation function
This patch replaces the rand() function with the getrandom() syscall.
It was reported by the Coverity scan:
rand() should not be used for security-related applications, because
linear congruential algorithms are too easy to break.
Diffstat (limited to 'plugins')
-rw-r--r-- | plugins/autopair.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/plugins/autopair.c b/plugins/autopair.c
index 665a4f4a6..a75ecebe4 100644
--- a/plugins/autopair.c
+++ b/plugins/autopair.c
@@ -17,6 +17,7 @@
 #include <fcntl.h>
 #include <unistd.h>
 #include <errno.h>
+#include <sys/random.h>
 #include <glib.h>
@@ -49,6 +50,7 @@ static ssize_t autopair_pincb(struct btd_adapter *adapter,
 char pinstr[7];
 char name[25];
 uint32_t class;
+ uint32_t val;
 ba2str(device_get_address(device), addr);
@@ -129,8 +131,12 @@ static ssize_t autopair_pincb(struct btd_adapter *adapter,
 if (attempt >= 4) return 0;
+ if (getrandom(&val, sizeof(val), 0) < 0) {
+ error("Failed to get a random pincode");
+ return 0;
+ }
 snprintf(pinstr, sizeof(pinstr), "%06u",
- rand() % 1000000);
+ val % 1000000);
 *display = true;
 memcpy(pinbuf, pinstr, 6);
 return 6;
|
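Review bot: The guard added before `snprintf()` in the third hunk treats only a negative return from `getrandom()` as failure, so a short read would leave part of the uninitialised `val` feeding the PIN. For a 4-byte request the kernel is not expected to return short once its pool is seeded, but checking the full length costs nothing: `if (getrandom(&val, sizeof(val), 0) != (ssize_t) sizeof(val)) {`. With flags `0` the call can also block until the kernel entropy pool is initialised, which would stall this callback if a pairing request arrives very early in boot; a short comment stating that this is accepted would help. The first hunk includes `<sys/random.h>` unconditionally and no configure-time check is visible here, so a build against a libc that lacks the header would presumably fail. `autopair_pincb()` begins and ends outside these hunks.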