authorTedd Ho-Jeong An <tedd.an@intel.com>2021-12-08 14:39:22 -0800
committerLuiz Augusto von Dentz <luiz.von.dentz@intel.com>2021-12-08 16:56:18 -0800
commit6efadbcd07955587ff820c1e742c1458c48ae923 (patch)
tree8bbe7fedcea1710ab3755f8821bbfb516f0f9d78 /plugins
parent9968b0b66abf6dec89f68447d7158608c105c17c (diff)
plugins: Replace random number generation function
This patch replaces the rand() function with the getrandom() syscall. The Coverity scan reported that rand() should not be used for security-related applications, because linear congruential algorithms are too easy to break.
Diffstat (limited to 'plugins')
-rw-r--r--plugins/autopair.c8
1 files changed, 7 insertions, 1 deletions
diff --git a/plugins/autopair.c b/plugins/autopair.c
index 665a4f4a6..a75ecebe4 100644
--- a/plugins/autopair.c
+++ b/plugins/autopair.c
@@ -17,6 +17,7 @@
#include <fcntl.h>
#include <unistd.h>
#include <errno.h>
+#include <sys/random.h>
#include <glib.h>
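Review bot: The new `#include <sys/random.h>` is unconditional, and nothing on this page guards it, so a C library that lacks the header or the `getrandom()` wrapper (glibc before 2.25, for example) would fail to build this plugin. The page is limited to `plugins/`, so a configure-time check may exist elsewhere in the commit. If it does not, an `AC_CHECK_HEADERS` test with a `#ifdef HAVE_SYS_RANDOM_H` guard around the include and a fallback reading `/dev/urandom` would keep older toolchains building without going back to `rand()`.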
@@ -49,6 +50,7 @@ static ssize_t autopair_pincb(struct btd_adapter *adapter,
char pinstr[7];
char name[25];
uint32_t class;
+ uint32_t val;
ba2str(device_get_address(device), addr);
@@ -129,8 +131,12 @@ static ssize_t autopair_pincb(struct btd_adapter *adapter,
if (attempt >= 4)
return 0;
+ if (getrandom(&val, sizeof(val), 0) < 0) {
+ error("Failed to get a random pincode");
+ return 0;
+ }
snprintf(pinstr, sizeof(pinstr), "%06u",
- rand() % 1000000);
+ val % 1000000);
*display = true;
memcpy(pinbuf, pinstr, 6);
return 6;
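Review bot: The `getrandom()` check `< 0` accepts a short read, and `val` is declared uninitialised, so a partial fill would mix leftover stack bytes into the PIN; comparing against the full size closes that: `if (getrandom(&val, sizeof(val), 0) != (ssize_t) sizeof(val)) {`. With flags `0` the call can block until the kernel pool is initialised and can fail with EINTR, so adding `strerror(errno)` to the `error()` message would make a failure diagnosable; whether blocking is acceptable in this callback depends on the caller, which is not visible here. Returning 0 on failure mirrors the `attempt >= 4` path just above, which appears to mean no PIN is offered, so the failure path does not fall back to a predictable value. The `% 1000000` reduction of a 32-bit value leaves a modulo bias well under 0.1%, which is negligible for a 6-digit PIN. autopair_pincb starts outside this hunk and may continue past it.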