[BlueZ,2/5] peripheral: Replace random number generation function

Commit Message

Tedd Ho-Jeong An Dec. 8, 2021, 12:54 a.m. UTC

From: Tedd Ho-Jeong An <tedd.an@intel.com>

This patch replaces the rand() function to the l_getrandom() from ELL,
which uses the getrandom() system call.

It was reported by the Coverity scan
  rand() should not be used for security-related applications, because
  linear congruential algorithms are too easy to break
---
 Makefile.tools    | 3 ++-
 peripheral/main.c | 8 +++-----
 2 files changed, 5 insertions(+), 6 deletions(-)

Patch

diff --git a/Makefile.tools b/Makefile.tools
index 8312d4d27..63b52c386 100644
--- a/Makefile.tools
+++ b/Makefile.tools
@@ -109,7 +109,8 @@  peripheral_btsensor_SOURCES = peripheral/main.c \
 				peripheral/gap.h peripheral/gap.c \
 				peripheral/gatt.h peripheral/gatt.c
 peripheral_btsensor_LDADD = src/libshared-mainloop.la \
-				lib/libbluetooth-internal.la
+				lib/libbluetooth-internal.la \
+				src/libshared-ell.la $(ell_ldadd)
 
 tools_3dsp_SOURCES = tools/3dsp.c monitor/bt.h
 tools_3dsp_LDADD = src/libshared-mainloop.la
diff --git a/peripheral/main.c b/peripheral/main.c
index 86b52236e..f7ac043a0 100644
--- a/peripheral/main.c
+++ b/peripheral/main.c
@@ -25,6 +25,7 @@ 
 #include <sys/stat.h>
 #include <sys/types.h>
 #include <sys/mount.h>
+#include <ell/ell.h>
 
 #ifndef WAIT_ANY
 #define WAIT_ANY (-1)
@@ -191,11 +192,8 @@  int main(int argc, char *argv[])
 							addr, 6) < 0) {
 			printf("Generating new persistent static address\n");
 
-			addr[0] = rand();
-			addr[1] = rand();
-			addr[2] = rand();
-			addr[3] = 0x34;
-			addr[4] = 0x12;
+			l_getrandom(addr, 6);
+			/* Update the MSB to make it a static address */
 			addr[5] = 0xc0;
 
 			efivars_write("BluetoothStaticAddress",