authorTedd Ho-Jeong An <tedd.an@intel.com>2021-12-08 14:39:21 -0800
committerLuiz Augusto von Dentz <luiz.von.dentz@intel.com>2021-12-08 16:56:18 -0800
commit9968b0b66abf6dec89f68447d7158608c105c17c (patch)
treef886c75016fad7ec76b7f1395743a8fc19b4dd6d
parenta11eea9259212fca4d028746c3107258021a8554 (diff)
downloadbluez-9968b0b66abf6dec89f68447d7158608c105c17c.tar.gz
tools/btgatt-server: Replace random number generation function
This patch replaces the rand() function with the getrandom() syscall. The Coverity scan reported that rand() should not be used for security-related applications, because linear congruential algorithms are too easy to break.
-rw-r--r--tools/btgatt-server.c7
1 files changed, 6 insertions, 1 deletions
diff --git a/tools/btgatt-server.c b/tools/btgatt-server.c
index 000145a3d..15d49a464 100644
--- a/tools/btgatt-server.c
+++ b/tools/btgatt-server.c
@@ -20,6 +20,7 @@
#include <getopt.h>
#include <unistd.h>
#include <errno.h>
+#include <sys/random.h>
#include "lib/bluetooth.h"
#include "lib/hci.h"
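Review bot: The new `#include <sys/random.h>` is unconditional, so the tool now builds only against a C library that ships this header (glibc added it in 2.25), and nothing in this commit adds a configure-time check for it. On older or alternative libcs the build of tools/btgatt-server.c would fail outright. Consider detecting getrandom() at configure time and guarding the include and the call behind the resulting macro, with a fallback source of randomness for the case where it is missing.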
@@ -284,9 +285,13 @@ static bool hr_msrmt_cb(void *user_data)
uint16_t len = 2;
uint8_t pdu[4];
uint32_t cur_ee;
+ uint32_t val;
+
+ if (getrandom(&val, sizeof(val), 0) < 0)
+ return false;
pdu[0] = 0x06;
- pdu[1] = 90 + (rand() % 40);
+ pdu[1] = 90 + (val % 40);
if (expended_present) {
pdu[0] |= 0x08;
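Review bot: The early `return false;` after a failed getrandom() turns a transient error such as EINTR into a silent change in the callback's result, with no log message. hr_msrmt_cb starts and ends outside this hunk, but if its bool return decides whether the periodic measurement is rescheduled (worth confirming at the registration site), one failure would stop all further notifications. The byte is only a simulated heart-rate value, so a fallback keeps the server running: `if (getrandom(&val, sizeof(val), 0) != (ssize_t) sizeof(val)) val = 0;`. Comparing against the full size also covers a short read that would leave `val` partly uninitialised. A one-line comment saying that the value is demo data rather than key material would help readers judge the Coverity finding.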