From: Tedd Ho-Jeong An <hj.tedd.an@gmail.com>
To: linux-bluetooth@vger.kernel.org
Subject: [BlueZ PATCH 1/5] emulator: Replace random number generation function
Date: Tue, 7 Dec 2021 16:54:42 -0800 [thread overview]
Message-ID: <20211208005446.196637-2-hj.tedd.an@gmail.com> (raw)
In-Reply-To: <20211208005446.196637-1-hj.tedd.an@gmail.com>
From: Tedd Ho-Jeong An <tedd.an@intel.com>
This patch replaces the rand() function to the l_getrandom() from ELL,
which uses the getrandom() system call.
It was reported by the Coverity scan
rand() should not be used for security-related applications, because
linear congruential algorithms are too easy to break
---
Makefile.tools | 3 ++-
emulator/le.c | 4 ++--
emulator/phy.c | 6 ++++--
3 files changed, 8 insertions(+), 5 deletions(-)
diff --git a/Makefile.tools b/Makefile.tools
index c7bdff83f..8312d4d27 100644
--- a/Makefile.tools
+++ b/Makefile.tools
@@ -93,7 +93,8 @@ emulator_btvirt_SOURCES = emulator/main.c monitor/bt.h \
emulator/phy.h emulator/phy.c \
emulator/amp.h emulator/amp.c \
emulator/le.h emulator/le.c
-emulator_btvirt_LDADD = lib/libbluetooth-internal.la src/libshared-mainloop.la
+emulator_btvirt_LDADD = lib/libbluetooth-internal.la src/libshared-mainloop.la \
+ src/libshared-ell.la $(ell_ldadd)
emulator_b1ee_SOURCES = emulator/b1ee.c
emulator_b1ee_LDADD = src/libshared-mainloop.la
diff --git a/emulator/le.c b/emulator/le.c
index 07a44c5f1..fed3a7815 100644
--- a/emulator/le.c
+++ b/emulator/le.c
@@ -21,6 +21,7 @@
#include <sys/un.h>
#include <sys/uio.h>
#include <time.h>
+#include <ell/ell.h>
#include "lib/bluetooth.h"
#include "lib/hci.h"
@@ -506,8 +507,7 @@ static unsigned int get_adv_delay(void)
/* The advertising delay is a pseudo-random value with a range
* of 0 ms to 10 ms generated for each advertising event.
*/
- srand(time(NULL));
- return (rand() % 11);
+ return (l_getrandom_uint32() % 11);
}
static void adv_timeout_callback(int id, void *user_data)
diff --git a/emulator/phy.c b/emulator/phy.c
index 2ae6ad3a2..570a9c975 100644
--- a/emulator/phy.c
+++ b/emulator/phy.c
@@ -22,6 +22,7 @@
#include <netinet/in.h>
#include <netinet/ip.h>
#include <time.h>
+#include <ell/ell.h>
#include "src/shared/util.h"
#include "src/shared/mainloop.h"
@@ -152,6 +153,7 @@ static int create_tx_socket(void)
struct bt_phy *bt_phy_new(void)
{
struct bt_phy *phy;
+ uint64_t phy_id;
phy = calloc(1, sizeof(*phy));
if (!phy)
@@ -173,8 +175,8 @@ struct bt_phy *bt_phy_new(void)
mainloop_add_fd(phy->rx_fd, EPOLLIN, phy_rx_callback, phy, NULL);
if (!get_random_bytes(&phy->id, sizeof(phy->id))) {
- srandom(time(NULL));
- phy->id = random();
+ l_getrandom(&phy_id, sizeof(phy_id));
+ phy->id = phy_id;
}
bt_phy_send(phy, BT_PHY_PKT_NULL, NULL, 0);
--
2.25.1
next prev parent reply other threads:[~2021-12-08 0:54 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-12-08 0:54 [BlueZ PATCH 0/5] Replace random number generation function Tedd Ho-Jeong An
2021-12-08 0:54 ` Tedd Ho-Jeong An [this message]
2021-12-08 1:30 ` bluez.test.bot
2021-12-08 0:54 ` [BlueZ PATCH 2/5] peripheral: " Tedd Ho-Jeong An
2021-12-08 0:54 ` [BlueZ PATCH 3/5] tools/btgatt-server: " Tedd Ho-Jeong An
2021-12-08 0:54 ` [BlueZ PATCH 4/5] plugins: " Tedd Ho-Jeong An
2021-12-08 0:54 ` [BlueZ PATCH 5/5] profiles/health: " Tedd Ho-Jeong An
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211208005446.196637-2-hj.tedd.an@gmail.com \
--to=hj.tedd.an@gmail.com \
--cc=linux-bluetooth@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.