From patchwork Wed Dec 8 22:39:19 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tedd Ho-Jeong An X-Patchwork-Id: 12665431 X-Patchwork-Delegate: luiz.dentz@gmail.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id AD3FFC433FE for ; Wed, 8 Dec 2021 22:39:29 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237914AbhLHWnB (ORCPT ); Wed, 8 Dec 2021 17:43:01 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42718 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233943AbhLHWnA (ORCPT ); Wed, 8 Dec 2021 17:43:00 -0500 Received: from mail-pf1-x432.google.com (mail-pf1-x432.google.com [IPv6:2607:f8b0:4864:20::432]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 14798C061746 for ; Wed, 8 Dec 2021 14:39:28 -0800 (PST) Received: by mail-pf1-x432.google.com with SMTP id 8so3716115pfo.4 for ; Wed, 08 Dec 2021 14:39:28 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=cKwLht1AACZk6fY2XTuSMIVRhpq9sgqQiDy1auNtIpo=; b=G+G+CWTVOYKMm90YPOZBK1utnL4CDd8jHEL21/ltlxRblDUJH5eIdd+vfgK8ZgAdIP JkMeDrozhbt5h1IEwhB0FjmI6HmD2YrpIfUb72wirFGMucBMT1gIcKFq743a/C2HXKPX RTIQD0Q3d80qk4cU7L/nJtJ6cevhANiAVO0Me623CQF5FwYFoKGJ1eOIyq0yREsAiaxo 9QgBiMB1+EXvk0mMjeG1m7a+t+7k7AU4iK7nwwYn75cLVUinCRYIapWf+/AliiSCERwl 0VSaHoHgqooOIGcvamhTgYMvTUM1A3/slSGr7xqk1hPjHVQsYH5LCatnfRfXh+49QDLw 7UMA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=cKwLht1AACZk6fY2XTuSMIVRhpq9sgqQiDy1auNtIpo=; b=nSHRT2ACKyUsuy6NkgQO24bLgkAKPRSXLbUrDWwiZf+g0vhNwgkMIFXXehoDHrgSj/ 93dAmGnoTz6+/qw8mePUBv8GDTYRNoNRf9HUqLbNF6XNhdDXPSyuHt6iSmTkFzqcPVoL i22ErdmBAKCgEr4XtS8ivoe+AK7O8zQO4l0oMXw7lNGdHqginbBnf+va3aar6+seCc/W saYF4WhCF2wsV0szApCd/4josoYxYVFzX8WsBGXirf7WpA3joPRqoa346zgbHA6MdG+T tzYN0YrlgJv9qvHX3ZkGTAI3v3lZhf5/qXpccVYMFOE9IQ51IgggntbFRixriL/9bITN ACYg== X-Gm-Message-State: AOAM531Slbc0b1KYdiLuvAVVvyf9B9mmOAJCKfinK5E+pRWWon+KvaTi otG/4z8s+AKdEBZhKlgeU7SXodZl16k= X-Google-Smtp-Source: ABdhPJzwdhgTAZCahqS73LnwB7ZO5qHFizt/347dY+mRNbakhK03KZEuvaRl4QXF/Ixo8C3LeBxhoQ== X-Received: by 2002:a62:d0c3:0:b0:4ad:51e9:963e with SMTP id p186-20020a62d0c3000000b004ad51e9963emr8176792pfg.36.1639003167298; Wed, 08 Dec 2021 14:39:27 -0800 (PST) Received: from localhost.localdomain ([2601:1c0:6a01:d830:6e9a:66a9:f3af:51f3]) by smtp.gmail.com with ESMTPSA id n16sm3757948pja.46.2021.12.08.14.39.26 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 08 Dec 2021 14:39:26 -0800 (PST) From: Tedd Ho-Jeong An To: linux-bluetooth@vger.kernel.org Subject: [BlueZ V2 PATCH 1/5] emulator: Replace random number generation function Date: Wed, 8 Dec 2021 14:39:19 -0800 Message-Id: <20211208223923.519664-2-hj.tedd.an@gmail.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20211208223923.519664-1-hj.tedd.an@gmail.com> References: <20211208223923.519664-1-hj.tedd.an@gmail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org From: Tedd Ho-Jeong An This patch replaces the rand() function to the getrandom() syscall. It was reported by the Coverity scan rand() should not be used for security-related applications, because linear congruential algorithms are too easy to break --- emulator/le.c | 11 +++++++++-- emulator/phy.c | 10 ++++++++-- 2 files changed, 17 insertions(+), 4 deletions(-) diff --git a/emulator/le.c b/emulator/le.c index 07a44c5f1..f8f313f2c 100644 --- a/emulator/le.c +++ b/emulator/le.c @@ -20,6 +20,7 @@ #include #include #include +#include #include #include "lib/bluetooth.h" @@ -503,11 +504,17 @@ static void send_adv_pkt(struct bt_le *hci, uint8_t channel) static unsigned int get_adv_delay(void) { + unsigned int val; + /* The advertising delay is a pseudo-random value with a range * of 0 ms to 10 ms generated for each advertising event. */ - srand(time(NULL)); - return (rand() % 11); + if (getrandom(&val, sizeof(val), 0) < 0) { + /* If it fails to get the random number, use a static value */ + val = 5; + } + + return (val % 11); } static void adv_timeout_callback(int id, void *user_data) diff --git a/emulator/phy.c b/emulator/phy.c index 2ae6ad3a2..44cace438 100644 --- a/emulator/phy.c +++ b/emulator/phy.c @@ -19,6 +19,7 @@ #include #include #include +#include #include #include #include @@ -173,8 +174,13 @@ struct bt_phy *bt_phy_new(void) mainloop_add_fd(phy->rx_fd, EPOLLIN, phy_rx_callback, phy, NULL); if (!get_random_bytes(&phy->id, sizeof(phy->id))) { - srandom(time(NULL)); - phy->id = random(); + if (getrandom(&phy->id, sizeof(phy->id), 0) < 0) { + mainloop_remove_fd(phy->rx_fd); + close(phy->tx_fd); + close(phy->rx_fd); + free(phy); + return NULL; + } } bt_phy_send(phy, BT_PHY_PKT_NULL, NULL, 0); From patchwork Wed Dec 8 22:39:20 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tedd Ho-Jeong An X-Patchwork-Id: 12665433 X-Patchwork-Delegate: luiz.dentz@gmail.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id B31CFC433F5 for ; Wed, 8 Dec 2021 22:39:30 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237918AbhLHWnC (ORCPT ); Wed, 8 Dec 2021 17:43:02 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42728 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237913AbhLHWnB (ORCPT ); Wed, 8 Dec 2021 17:43:01 -0500 Received: from mail-pl1-x633.google.com (mail-pl1-x633.google.com [IPv6:2607:f8b0:4864:20::633]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B8994C061746 for ; Wed, 8 Dec 2021 14:39:28 -0800 (PST) Received: by mail-pl1-x633.google.com with SMTP id n8so2526574plf.4 for ; Wed, 08 Dec 2021 14:39:28 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=xcCXtWkaR8CL9aA+N6B44g2JofUYA1pHfR8xX2mn584=; b=Pp3NBHoCiKnl+AuWfG5PsdFnH/3mxPfUxjZ5lz3Gcwyg/ybvLzRPNG5bOQ2G3PV6oR yggyQIVpRK7JltnRVhDaFk/sg4r089ZdsGenLH7dWvAL6D2OOsJEGqoeTstABIJEK9rJ K4SzZvrgBpOnEmXhx7YEaa8saTXWdndkzMvyjeO7KDONZYKyGogzgPRbk2qI8x9MFlJr 9LAu6KL3Blk1ocWYIR+f9yVq8d8NlqWRTkJtmo3emAg77xka24RiRMY/cm7bpWSEOMaJ MP+gMLMm/+5xy0D8mVyYdzi2/3iYz3f/28yu9vUBuaIoRwn+K0XQ1SlUL2AK2k3HPMFR PO4A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=xcCXtWkaR8CL9aA+N6B44g2JofUYA1pHfR8xX2mn584=; b=2omqxgCcvDZLwQOSaRSHxRfugHH0SFdpZfAAuusuo0jxJ4DQgEHwmtUURmnWS4hwBA fQkW/LmGag88aiZFl+bA39fsZ6yFJExPbzGFm3dEnTmxsSj6GW945R8F+j3m3603zKCR M95WIPw5MuKX1b0SOktwoJjNq4NnrmlJWYOISpYSnonefSzkTrHsVrD3zPk4XawB8BXF A/Np25sZjn9YHv8gtKbqsP1aBzKd2bvXaDL3w89zcBopRXteSMQgxtr29B6R9Xo7SVcZ 2VyrAKNAkmdQNXT36k0K3SbRcPIWKOEx4tR2wRtFNGgYYIOrxEuxJTRbGKwpNkcr8GkS H2AA== X-Gm-Message-State: AOAM531uij9jWGwRIuIZMN+KnkQCY66WvCJP+V+Y77w4+P95mTZ+p9h5 PhsAaXl0v6Q9bQhAv6CYvK9PwYp2nbs= X-Google-Smtp-Source: ABdhPJzNtqWkwnuu+qqRfxSMD7brSft0nWZhyAvdusCWczyiLWsSmv/WJLUm70JaHMnifkUt/J+XfQ== X-Received: by 2002:a17:90b:1293:: with SMTP id fw19mr10839001pjb.155.1639003168063; Wed, 08 Dec 2021 14:39:28 -0800 (PST) Received: from localhost.localdomain ([2601:1c0:6a01:d830:6e9a:66a9:f3af:51f3]) by smtp.gmail.com with ESMTPSA id n16sm3757948pja.46.2021.12.08.14.39.27 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 08 Dec 2021 14:39:27 -0800 (PST) From: Tedd Ho-Jeong An To: linux-bluetooth@vger.kernel.org Subject: [BlueZ V2 PATCH 2/5] peripheral: Replace random number generation function Date: Wed, 8 Dec 2021 14:39:20 -0800 Message-Id: <20211208223923.519664-3-hj.tedd.an@gmail.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20211208223923.519664-1-hj.tedd.an@gmail.com> References: <20211208223923.519664-1-hj.tedd.an@gmail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org From: Tedd Ho-Jeong An This patch replaces the rand() function to the getrandom() syscall. It was reported by the Coverity scan rand() should not be used for security-related applications, because linear congruential algorithms are too easy to break --- peripheral/main.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/peripheral/main.c b/peripheral/main.c index 86b52236e..0f5210403 100644 --- a/peripheral/main.c +++ b/peripheral/main.c @@ -25,6 +25,7 @@ #include #include #include +#include #ifndef WAIT_ANY #define WAIT_ANY (-1) @@ -191,11 +192,11 @@ int main(int argc, char *argv[]) addr, 6) < 0) { printf("Generating new persistent static address\n"); - addr[0] = rand(); - addr[1] = rand(); - addr[2] = rand(); - addr[3] = 0x34; - addr[4] = 0x12; + if (getrandom(addr, sizeof(addr), 0) < 0) { + perror("Failed to get random static address"); + return EXIT_FAILURE; + } + /* Overwrite the MSB to make it a static address */ addr[5] = 0xc0; efivars_write("BluetoothStaticAddress", From patchwork Wed Dec 8 22:39:21 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tedd Ho-Jeong An X-Patchwork-Id: 12665435 X-Patchwork-Delegate: luiz.dentz@gmail.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 45325C4332F for ; Wed, 8 Dec 2021 22:39:31 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S240636AbhLHWnC (ORCPT ); Wed, 8 Dec 2021 17:43:02 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42730 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237963AbhLHWnC (ORCPT ); Wed, 8 Dec 2021 17:43:02 -0500 Received: from mail-pg1-x535.google.com (mail-pg1-x535.google.com [IPv6:2607:f8b0:4864:20::535]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 840CFC061746 for ; Wed, 8 Dec 2021 14:39:29 -0800 (PST) Received: by mail-pg1-x535.google.com with SMTP id l64so3311814pgl.9 for ; Wed, 08 Dec 2021 14:39:29 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=UhCunFf+J/qZtJa1OVsLdNGjKAIj7Nbn9jacChrEnYw=; b=Jm4zOI91mbtEBn3iuHWKofCwty7dIm0sjZfTRBILLmH59hYYq8g7wBbm1f2c+2WwGc Y5zPup2ZYUL4qzVvBDnoieUs8AJ6djphIgJWbODQzh48z7v52cfoXSXkkCQh/IadBM4J bMeJhbBLD6WMHaHzX6VwWEvdHOlqtN1gJDn454xo2HYf9ACQVO1eCpYsR3w44FYzuwW+ 4XdEX6jJQ9D1aHfJ8wyynS6m9EkYt/Z41ugK/ics4L74ck8X8fhFEGROEm2M7BsYR2h3 HO5wKCDYflpqPF9h0aJaJKkKRc36PIGZk6mc1Sj/cpVaf4eEDkhmxScyXegE+MUFJHCE +5Ww== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=UhCunFf+J/qZtJa1OVsLdNGjKAIj7Nbn9jacChrEnYw=; b=bXPWjwSF78aNCIuLKQjevkfsPwO3ZZtjMwToQw2ukT7+6ftgogcYYpuVSz5W3EBk0y Xa4QMoj8Qf8epQ7fvWvedFxWXjeLtb1HOWO+TszXUJtCee53T1jvEJs1X/HMNrRw8NwR K2fZuBa06Zo0MwpnqvqUMnT5IO3eEePrIBXypqEDMblKXKFZgmvHerVsdibHbsb+t/fR c0uEycWPbP7p6Jtk3aAM3gQEp2zlzLBS/pdCZ6GMqvFfFv1vadcC5UTqOHVdSG0EID0l 1thS4ri/6QtXBOJ0RVVHupOZ9xX5/LPBkcdXR799DkO8DTGcMz/FHwc+iVcmzN5B7v1Q TVlg== X-Gm-Message-State: AOAM533TQ1iohDxsqpvNX+EDw9rxtJ4Chx/laNZ+z74a/3w/NWukqfBj VW+s9hL2qbrgiEk3sFB+NK+ShilK1YE= X-Google-Smtp-Source: ABdhPJwkfJEPuc3PEuiI80bQ5l2OEM0LBeUGKumEDU4ZOAGzs3qcEZRNxQJMUaCYU+CW3Q3ckh+H5Q== X-Received: by 2002:a05:6a00:ad0:b0:4ac:3d49:d8d with SMTP id c16-20020a056a000ad000b004ac3d490d8dmr8193646pfl.25.1639003168752; Wed, 08 Dec 2021 14:39:28 -0800 (PST) Received: from localhost.localdomain ([2601:1c0:6a01:d830:6e9a:66a9:f3af:51f3]) by smtp.gmail.com with ESMTPSA id n16sm3757948pja.46.2021.12.08.14.39.28 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 08 Dec 2021 14:39:28 -0800 (PST) From: Tedd Ho-Jeong An To: linux-bluetooth@vger.kernel.org Subject: [BlueZ V2 PATCH 3/5] tools/btgatt-server: Replace random number generation function Date: Wed, 8 Dec 2021 14:39:21 -0800 Message-Id: <20211208223923.519664-4-hj.tedd.an@gmail.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20211208223923.519664-1-hj.tedd.an@gmail.com> References: <20211208223923.519664-1-hj.tedd.an@gmail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org From: Tedd Ho-Jeong An This patch replaces the rand() function to the getrandom() syscall. It was reported by the Coverity scan rand() should not be used for security-related applications, because linear congruential algorithms are too easy to break --- tools/btgatt-server.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/tools/btgatt-server.c b/tools/btgatt-server.c index 000145a3d..15d49a464 100644 --- a/tools/btgatt-server.c +++ b/tools/btgatt-server.c @@ -20,6 +20,7 @@ #include #include #include +#include #include "lib/bluetooth.h" #include "lib/hci.h" @@ -284,9 +285,13 @@ static bool hr_msrmt_cb(void *user_data) uint16_t len = 2; uint8_t pdu[4]; uint32_t cur_ee; + uint32_t val; + + if (getrandom(&val, sizeof(val), 0) < 0) + return false; pdu[0] = 0x06; - pdu[1] = 90 + (rand() % 40); + pdu[1] = 90 + (val % 40); if (expended_present) { pdu[0] |= 0x08; From patchwork Wed Dec 8 22:39:22 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tedd Ho-Jeong An X-Patchwork-Id: 12665437 X-Patchwork-Delegate: luiz.dentz@gmail.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id D41D6C433FE for ; Wed, 8 Dec 2021 22:39:31 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S240640AbhLHWnD (ORCPT ); Wed, 8 Dec 2021 17:43:03 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42732 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237997AbhLHWnC (ORCPT ); Wed, 8 Dec 2021 17:43:02 -0500 Received: from mail-pl1-x636.google.com (mail-pl1-x636.google.com [IPv6:2607:f8b0:4864:20::636]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3936AC0617A1 for ; Wed, 8 Dec 2021 14:39:30 -0800 (PST) Received: by mail-pl1-x636.google.com with SMTP id u17so2509022plg.9 for ; Wed, 08 Dec 2021 14:39:30 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=MrWtMuKZpMCN25LN/8i3Rj+4vnCyRyifo7BdIBg+8Ys=; b=G4wOsBmvtACCPUiJxqHWgrXDeqlz/nRU6NDbQ222pvwT4epOMiOCrmYuJjQmTPib79 Cw/OXmpuC8BiFpfXG6xYsV1LWNL3IIRM5H6MlsQW8pCaCO3kf2JeirEjtbYl0aWmssoD qbOVi8sDX9SgB+hVEWhRl0oJ6uxvKl1UsEEvF9zkCQiL4a13mm786C413VsJxcuTVlih 12Fz5kqUZ+ifH1DAZ2pH13DxUc4mwDpbWlqBMk4Wwwb8Z8NpWEGIRYKoTTfFA1wTVnQc ATpbhRtH7D+BiRFtWlGb20/TmAthN6sN4ZmsYPIKNI7nE4+se0NhpUNiKoQme/rH2d2p 6vew== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=MrWtMuKZpMCN25LN/8i3Rj+4vnCyRyifo7BdIBg+8Ys=; b=sROjlwWCfzmFKYme91pDVvh5g/P8UsQfqgnY2/j2GZWFnAcnfFeAUp4sRF7gPbS1gQ GX/oh66EqBLqZ3ucpVVKt8OZWKABEVp06zE8HENVXnKCjlICJmdt4eBFI6lYLGTEZhNA WMLTH5x0hPXckFlV6KrY9t1wbNwFjUSoDb5eCurNv2m8iDgdcGJvdH8JMjreIk4oiuva vGoMyCYp3ogad+j1LupW9SI6++s7lIury2hS7Z2eAqCOHnPmWt4ahG9EFxhy3Jmr0wZ/ AgKqSoXObasPkZUpvJFYRbk0v4BggJpLR+6Msg3jB2vggW/y/9rWx4Aq4R7ldfRJa8da iP8Q== X-Gm-Message-State: AOAM53334uDk7OzTQeTw2ikKyI4O45UxyKQuedR03moaKhEtdfTPNGY/ KLCIUWL0yHUxiVQtCcgxpCKzo04BVLE= X-Google-Smtp-Source: ABdhPJz+wNfGqowas+VWj38Npm7b801O2jmshPc8uXnW8ZXPRcsgY1csNnMpa4nxou9oy/oAyBzODQ== X-Received: by 2002:a17:90b:4d0e:: with SMTP id mw14mr10674564pjb.43.1639003169534; Wed, 08 Dec 2021 14:39:29 -0800 (PST) Received: from localhost.localdomain ([2601:1c0:6a01:d830:6e9a:66a9:f3af:51f3]) by smtp.gmail.com with ESMTPSA id n16sm3757948pja.46.2021.12.08.14.39.28 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 08 Dec 2021 14:39:29 -0800 (PST) From: Tedd Ho-Jeong An To: linux-bluetooth@vger.kernel.org Subject: [BlueZ V2 PATCH 4/5] plugins: Replace random number generation function Date: Wed, 8 Dec 2021 14:39:22 -0800 Message-Id: <20211208223923.519664-5-hj.tedd.an@gmail.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20211208223923.519664-1-hj.tedd.an@gmail.com> References: <20211208223923.519664-1-hj.tedd.an@gmail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org From: Tedd Ho-Jeong An This patch replaces the rand() function to the getrandom() syscall. It was reported by the Coverity scan rand() should not be used for security-related applications, because linear congruential algorithms are too easy to break --- plugins/autopair.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/plugins/autopair.c b/plugins/autopair.c index 665a4f4a6..a75ecebe4 100644 --- a/plugins/autopair.c +++ b/plugins/autopair.c @@ -17,6 +17,7 @@ #include #include #include +#include #include @@ -49,6 +50,7 @@ static ssize_t autopair_pincb(struct btd_adapter *adapter, char pinstr[7]; char name[25]; uint32_t class; + uint32_t val; ba2str(device_get_address(device), addr); @@ -129,8 +131,12 @@ static ssize_t autopair_pincb(struct btd_adapter *adapter, if (attempt >= 4) return 0; + if (getrandom(&val, sizeof(val), 0) < 0) { + error("Failed to get a random pincode"); + return 0; + } snprintf(pinstr, sizeof(pinstr), "%06u", - rand() % 1000000); + val % 1000000); *display = true; memcpy(pinbuf, pinstr, 6); return 6; From patchwork Wed Dec 8 22:39:23 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tedd Ho-Jeong An X-Patchwork-Id: 12665439 X-Patchwork-Delegate: luiz.dentz@gmail.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id ABC8FC433EF for ; Wed, 8 Dec 2021 22:39:32 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237976AbhLHWnE (ORCPT ); Wed, 8 Dec 2021 17:43:04 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42740 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S240637AbhLHWnD (ORCPT ); Wed, 8 Dec 2021 17:43:03 -0500 Received: from mail-pj1-x102d.google.com (mail-pj1-x102d.google.com [IPv6:2607:f8b0:4864:20::102d]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id DA16EC061746 for ; Wed, 8 Dec 2021 14:39:30 -0800 (PST) Received: by mail-pj1-x102d.google.com with SMTP id nh10-20020a17090b364a00b001a69adad5ebso3310731pjb.2 for ; Wed, 08 Dec 2021 14:39:30 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=Xs0aHye2yddwEZkszgswHNqyiNadnHO4Kp4zkIjmceU=; b=qYrHZn4P9VIktrEWPBD02PGnSXtWYaRqRS7JaDokLrLh8vuCHYIEUNIl5zO3tqZ5C7 OX4pehzpnwjhzYmTSrJ9CsU9+UcVQXktfOjLn5D/qN/vrnXyxi5KEMF6V4eB3SqR68V+ 4/ssyNKG0oyXfznXDgwz7tFELbQohMUDRFwiZyHmYKLIcmMkcRSOk9z6s+VbGNHO0Wvf K+wcv1elTKKTl09UniuQ2KacdSkpoETQonqNXHqR9D+KR7+sNkEFizuUsmM7zLiXqRbg Ri57/8s4qKXxPRLLlikFKv19JIYQ4Ax/OKw+2TorZ8sYfhPLqpgqx6UF/rqOc1CMGzX2 F4gw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=Xs0aHye2yddwEZkszgswHNqyiNadnHO4Kp4zkIjmceU=; b=KCGO/bL/N4stBvwUC9Rjt+OgTSeYxAtgqcUQm1XuJyAsWnjn5nWIh8CyCQltt3uv/6 wXj6ifzcm8KWro8t9atn4qxPOoRH58Ltn/NQYPx3RUxqNFvUu8J/mDWM8bwZ0vvY3ac8 cvH6gUvUnt+kcsgqtGF8k3riOJ7wBQ+hasL9Kte3s79wqY6FiSXEMTeMTKRDshMWzOCE rF3xHG/6f0L7FBBH/lVi5EVpQnM59bSnIKY0+TwDWxe/MtHx+zpECp9qa320Agniufo+ LwbN7gTnPkQZJrekh/ok+Ccg+D0GHv/3CEiwFAXiXeW1x/1Y1Qc54kCuw7BczXTSpQho EiEA== X-Gm-Message-State: AOAM5314BXOcCal4/hVGK5lyxattsgKHmq2Rxd7mwwM0sK9+VbrDnLqO xB36DjXVmLJCFYfqmLxft3BunpiNMV0= X-Google-Smtp-Source: ABdhPJxVDUN4hNGIQvBhi3OvbW56xTHQpYB/eiuKT/3duZszaOoTJlawjEakskZWKJeZAiOrBho3MQ== X-Received: by 2002:a17:90b:33d0:: with SMTP id lk16mr10807812pjb.7.1639003170212; Wed, 08 Dec 2021 14:39:30 -0800 (PST) Received: from localhost.localdomain ([2601:1c0:6a01:d830:6e9a:66a9:f3af:51f3]) by smtp.gmail.com with ESMTPSA id n16sm3757948pja.46.2021.12.08.14.39.29 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 08 Dec 2021 14:39:29 -0800 (PST) From: Tedd Ho-Jeong An To: linux-bluetooth@vger.kernel.org Subject: [BlueZ V2 PATCH 5/5] profiles/health: Replace random number generation function Date: Wed, 8 Dec 2021 14:39:23 -0800 Message-Id: <20211208223923.519664-6-hj.tedd.an@gmail.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20211208223923.519664-1-hj.tedd.an@gmail.com> References: <20211208223923.519664-1-hj.tedd.an@gmail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org From: Tedd Ho-Jeong An This patch replaces the rand() function to the getrandom() syscall. It was reported by the Coverity scan rand() should not be used for security-related applications, because linear congruential algorithms are too easy to break --- profiles/health/hdp.c | 11 +++++++---- profiles/health/mcap.c | 17 +++++++++++++++-- 2 files changed, 22 insertions(+), 6 deletions(-) diff --git a/profiles/health/hdp.c b/profiles/health/hdp.c index 6bc41946f..40b6cc18a 100644 --- a/profiles/health/hdp.c +++ b/profiles/health/hdp.c @@ -16,6 +16,7 @@ #include #include #include +#include #include @@ -1484,13 +1485,15 @@ static void destroy_create_dc_data(gpointer data) static void *generate_echo_packet(void) { uint8_t *buf; - int i; buf = g_malloc(HDP_ECHO_LEN); - srand(time(NULL)); + if (!buf) + return NULL; - for(i = 0; i < HDP_ECHO_LEN; i++) - buf[i] = rand() % UINT8_MAX; + if (getrandom(buf, HDP_ECHO_LEN, 0) < 0) { + g_free(buf); + return NULL; + } return buf; } diff --git a/profiles/health/mcap.c b/profiles/health/mcap.c index 5161ef77c..aad0a08a3 100644 --- a/profiles/health/mcap.c +++ b/profiles/health/mcap.c @@ -19,6 +19,7 @@ #include #include #include +#include #include @@ -1888,6 +1889,7 @@ gboolean mcap_create_mcl(struct mcap_instance *mi, { struct mcap_mcl *mcl; struct connect_mcl *con; + uint16_t val; mcl = find_mcl(mi->mcls, addr); if (mcl) { @@ -1903,7 +1905,12 @@ gboolean mcap_create_mcl(struct mcap_instance *mi, mcl->state = MCL_IDLE; bacpy(&mcl->addr, addr); set_default_cb(mcl); - mcl->next_mdl = (rand() % MCAP_MDLID_FINAL) + 1; + if (getrandom(&val, sizeof(val), 0) < 0) { + mcap_instance_unref(mcl->mi); + g_free(mcl); + return FALSE; + } + mcl->next_mdl = (val % MCAP_MDLID_FINAL) + 1; } mcl->ctrl |= MCAP_CTRL_CONN; @@ -2013,6 +2020,7 @@ static void connect_mcl_event_cb(GIOChannel *chan, GError *gerr, bdaddr_t dst; char address[18], srcstr[18]; GError *err = NULL; + uint16_t val; if (gerr) return; @@ -2041,7 +2049,12 @@ static void connect_mcl_event_cb(GIOChannel *chan, GError *gerr, mcl->mi = mcap_instance_ref(mi); bacpy(&mcl->addr, &dst); set_default_cb(mcl); - mcl->next_mdl = (rand() % MCAP_MDLID_FINAL) + 1; + if (getrandom(&val, sizeof(val), 0) < 0) { + mcap_instance_unref(mcl->mi); + g_free(mcl); + goto drop; + } + mcl->next_mdl = (val % MCAP_MDLID_FINAL) + 1; } set_mcl_conf(chan, mcl);