From: Tedd Ho-Jeong An <[email protected]>
This series of patch replaces the standard random number generation
function, rand() to the l_getrandom() from the ELL, which is based on
getrandom() system call.
The Coverity scan reported (CWE-676):
rand() should not be used for security-related applications, because
linear congruential algorithms are too easy to break.
This patches replaces the rand() to l_getrandom() from ELL. It is based
on the getrandom() syscall, which provides more secure random number
than the standard rand().
Tedd Ho-Jeong An (5):
emulator: Replace random number generation function
peripheral: Replace random number generation function
tools/btgatt-server: Replace random number generation function
plugins: Replace random number generation function
profiles/health: Replace random number generation function
Makefile.plugins | 2 ++
Makefile.tools | 10 ++++++----
emulator/le.c | 4 ++--
emulator/phy.c | 6 ++++--
peripheral/main.c | 8 +++-----
plugins/autopair.c | 3 ++-
profiles/health/hdp.c | 8 ++++----
tools/btgatt-server.c | 3 ++-
8 files changed, 25 insertions(+), 19 deletions(-)
--
2.25.1
From: Tedd Ho-Jeong An <[email protected]>
This patch replaces the rand() function to the l_getrandom() from ELL,
which uses the getrandom() system call.
It was reported by the Coverity scan
rand() should not be used for security-related applications, because
linear congruential algorithms are too easy to break
---
Makefile.tools | 3 ++-
emulator/le.c | 4 ++--
emulator/phy.c | 6 ++++--
3 files changed, 8 insertions(+), 5 deletions(-)
diff --git a/Makefile.tools b/Makefile.tools
index c7bdff83f..8312d4d27 100644
--- a/Makefile.tools
+++ b/Makefile.tools
@@ -93,7 +93,8 @@ emulator_btvirt_SOURCES = emulator/main.c monitor/bt.h \
emulator/phy.h emulator/phy.c \
emulator/amp.h emulator/amp.c \
emulator/le.h emulator/le.c
-emulator_btvirt_LDADD = lib/libbluetooth-internal.la src/libshared-mainloop.la
+emulator_btvirt_LDADD = lib/libbluetooth-internal.la src/libshared-mainloop.la \
+ src/libshared-ell.la $(ell_ldadd)
emulator_b1ee_SOURCES = emulator/b1ee.c
emulator_b1ee_LDADD = src/libshared-mainloop.la
diff --git a/emulator/le.c b/emulator/le.c
index 07a44c5f1..fed3a7815 100644
--- a/emulator/le.c
+++ b/emulator/le.c
@@ -21,6 +21,7 @@
#include <sys/un.h>
#include <sys/uio.h>
#include <time.h>
+#include <ell/ell.h>
#include "lib/bluetooth.h"
#include "lib/hci.h"
@@ -506,8 +507,7 @@ static unsigned int get_adv_delay(void)
/* The advertising delay is a pseudo-random value with a range
* of 0 ms to 10 ms generated for each advertising event.
*/
- srand(time(NULL));
- return (rand() % 11);
+ return (l_getrandom_uint32() % 11);
}
static void adv_timeout_callback(int id, void *user_data)
diff --git a/emulator/phy.c b/emulator/phy.c
index 2ae6ad3a2..570a9c975 100644
--- a/emulator/phy.c
+++ b/emulator/phy.c
@@ -22,6 +22,7 @@
#include <netinet/in.h>
#include <netinet/ip.h>
#include <time.h>
+#include <ell/ell.h>
#include "src/shared/util.h"
#include "src/shared/mainloop.h"
@@ -152,6 +153,7 @@ static int create_tx_socket(void)
struct bt_phy *bt_phy_new(void)
{
struct bt_phy *phy;
+ uint64_t phy_id;
phy = calloc(1, sizeof(*phy));
if (!phy)
@@ -173,8 +175,8 @@ struct bt_phy *bt_phy_new(void)
mainloop_add_fd(phy->rx_fd, EPOLLIN, phy_rx_callback, phy, NULL);
if (!get_random_bytes(&phy->id, sizeof(phy->id))) {
- srandom(time(NULL));
- phy->id = random();
+ l_getrandom(&phy_id, sizeof(phy_id));
+ phy->id = phy_id;
}
bt_phy_send(phy, BT_PHY_PKT_NULL, NULL, 0);
--
2.25.1
From: Tedd Ho-Jeong An <[email protected]>
This patch replaces the rand() function to the l_getrandom() from ELL,
which uses the getrandom() system call.
It was reported by the Coverity scan
rand() should not be used for security-related applications, because
linear congruential algorithms are too easy to break
---
Makefile.tools | 3 ++-
peripheral/main.c | 8 +++-----
2 files changed, 5 insertions(+), 6 deletions(-)
diff --git a/Makefile.tools b/Makefile.tools
index 8312d4d27..63b52c386 100644
--- a/Makefile.tools
+++ b/Makefile.tools
@@ -109,7 +109,8 @@ peripheral_btsensor_SOURCES = peripheral/main.c \
peripheral/gap.h peripheral/gap.c \
peripheral/gatt.h peripheral/gatt.c
peripheral_btsensor_LDADD = src/libshared-mainloop.la \
- lib/libbluetooth-internal.la
+ lib/libbluetooth-internal.la \
+ src/libshared-ell.la $(ell_ldadd)
tools_3dsp_SOURCES = tools/3dsp.c monitor/bt.h
tools_3dsp_LDADD = src/libshared-mainloop.la
diff --git a/peripheral/main.c b/peripheral/main.c
index 86b52236e..f7ac043a0 100644
--- a/peripheral/main.c
+++ b/peripheral/main.c
@@ -25,6 +25,7 @@
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/mount.h>
+#include <ell/ell.h>
#ifndef WAIT_ANY
#define WAIT_ANY (-1)
@@ -191,11 +192,8 @@ int main(int argc, char *argv[])
addr, 6) < 0) {
printf("Generating new persistent static address\n");
- addr[0] = rand();
- addr[1] = rand();
- addr[2] = rand();
- addr[3] = 0x34;
- addr[4] = 0x12;
+ l_getrandom(addr, 6);
+ /* Update the MSB to make it a static address */
addr[5] = 0xc0;
efivars_write("BluetoothStaticAddress",
--
2.25.1
From: Tedd Ho-Jeong An <[email protected]>
This patch replaces the rand() function to the l_getrandom() from ELL,
which uses the getrandom() system call.
It was reported by the Coverity scan
rand() should not be used for security-related applications, because
linear congruential algorithms are too easy to break
---
Makefile.tools | 4 ++--
tools/btgatt-server.c | 3 ++-
2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/Makefile.tools b/Makefile.tools
index 63b52c386..45470b767 100644
--- a/Makefile.tools
+++ b/Makefile.tools
@@ -287,8 +287,8 @@ tools_btgatt_client_LDADD = src/libshared-mainloop.la \
tools_btgatt_server_SOURCES = tools/btgatt-server.c src/uuid-helper.c
tools_btgatt_server_LDADD = src/libshared-mainloop.la \
- lib/libbluetooth-internal.la
-
+ lib/libbluetooth-internal.la \
+ src/libshared-ell.la $(ell_ldadd)
tools_rctest_LDADD = lib/libbluetooth-internal.la
tools_l2test_LDADD = lib/libbluetooth-internal.la
diff --git a/tools/btgatt-server.c b/tools/btgatt-server.c
index 000145a3d..d2a877275 100644
--- a/tools/btgatt-server.c
+++ b/tools/btgatt-server.c
@@ -20,6 +20,7 @@
#include <getopt.h>
#include <unistd.h>
#include <errno.h>
+#include <ell/ell.h>
#include "lib/bluetooth.h"
#include "lib/hci.h"
@@ -286,7 +287,7 @@ static bool hr_msrmt_cb(void *user_data)
uint32_t cur_ee;
pdu[0] = 0x06;
- pdu[1] = 90 + (rand() % 40);
+ pdu[1] = 90 + (l_getrandom_uint32() % 40);
if (expended_present) {
pdu[0] |= 0x08;
--
2.25.1
From: Tedd Ho-Jeong An <[email protected]>
This patch replaces the rand() function to the l_getrandom() from ELL,
which uses the getrandom() system call.
It was reported by the Coverity scan
rand() should not be used for security-related applications, because
linear congruential algorithms are too easy to break
---
Makefile.plugins | 1 +
plugins/autopair.c | 3 ++-
2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/Makefile.plugins b/Makefile.plugins
index 7693c767f..c771b2dfb 100644
--- a/Makefile.plugins
+++ b/Makefile.plugins
@@ -7,6 +7,7 @@ builtin_sources += plugins/wiimote.c
builtin_modules += autopair
builtin_sources += plugins/autopair.c
+builtin_ldadd += src/libshared-ell.la $(ell_ldadd)
builtin_modules += policy
builtin_sources += plugins/policy.c
diff --git a/plugins/autopair.c b/plugins/autopair.c
index 665a4f4a6..474209fd2 100644
--- a/plugins/autopair.c
+++ b/plugins/autopair.c
@@ -17,6 +17,7 @@
#include <fcntl.h>
#include <unistd.h>
#include <errno.h>
+#include <ell/ell.h>
#include <glib.h>
@@ -130,7 +131,7 @@ static ssize_t autopair_pincb(struct btd_adapter *adapter,
return 0;
snprintf(pinstr, sizeof(pinstr), "%06u",
- rand() % 1000000);
+ l_getrandom_uint32() % 1000000);
*display = true;
memcpy(pinbuf, pinstr, 6);
return 6;
--
2.25.1
From: Tedd Ho-Jeong An <[email protected]>
This patch replaces the rand() function to the l_getrandom() from ELL,
which uses the getrandom() system call.
It was reported by the Coverity scan
rand() should not be used for security-related applications, because
linear congruential algorithms are too easy to break
---
Makefile.plugins | 1 +
profiles/health/hdp.c | 8 ++++----
2 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/Makefile.plugins b/Makefile.plugins
index c771b2dfb..7817035c6 100644
--- a/Makefile.plugins
+++ b/Makefile.plugins
@@ -87,6 +87,7 @@ builtin_sources += profiles/health/mcap.h profiles/health/mcap.c \
profiles/health/hdp_manager.c \
profiles/health/hdp.h profiles/health/hdp.c \
profiles/health/hdp_util.h profiles/health/hdp_util.c
+builtin_ldadd += src/libshared-ell.la $(ell_ldadd)
endif
builtin_modules += gap
diff --git a/profiles/health/hdp.c b/profiles/health/hdp.c
index 6bc41946f..e77f963a4 100644
--- a/profiles/health/hdp.c
+++ b/profiles/health/hdp.c
@@ -16,6 +16,7 @@
#include <stdint.h>
#include <stdbool.h>
#include <unistd.h>
+#include <ell/ell.h>
#include <glib.h>
@@ -1484,13 +1485,12 @@ static void destroy_create_dc_data(gpointer data)
static void *generate_echo_packet(void)
{
uint8_t *buf;
- int i;
buf = g_malloc(HDP_ECHO_LEN);
- srand(time(NULL));
+ if (buf == NULL)
+ return NULL;
- for(i = 0; i < HDP_ECHO_LEN; i++)
- buf[i] = rand() % UINT8_MAX;
+ l_getrandom(buf, HDP_ECHO_LEN);
return buf;
}
--
2.25.1
This is automated email and please do not reply to this email!
Dear submitter,
Thank you for submitting the patches to the linux bluetooth mailing list.
This is a CI test results with your patch series:
PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=591967
---Test result---
Test Summary:
CheckPatch PASS 6.41 seconds
GitLint PASS 4.35 seconds
Prep - Setup ELL PASS 43.18 seconds
Build - Prep PASS 0.47 seconds
Build - Configure PASS 8.22 seconds
Build - Make PASS 186.52 seconds
Make Check PASS 9.53 seconds
Make Distcheck PASS 222.57 seconds
Build w/ext ELL - Configure PASS 8.31 seconds
Build w/ext ELL - Make PASS 176.44 seconds
---
Regards,
Linux Bluetooth