diff options
author | Subhani Shaik <subhanis@codeaurora.org> | 2015-08-06 14:22:50 -0700 |
---|---|---|
committer | Vineeta Srivastava <vsrivastava@google.com> | 2015-08-10 16:57:09 -0700 |
commit | 2d953ba14654205d59c3214217a1fa4e0cd0dc33 (patch) | |
tree | 6a486d0ad7b732164900ffa86cf9933b35bb3576 | |
parent | b310783d41ec4b4e3808abb18241594b3f4d504d (diff) | |
download | wlan-2d953ba14654205d59c3214217a1fa4e0cd0dc33.tar.gz |
WiFi-HAL: Removing usage of rand and srand functions
Usage of rand and srand function is a moderate security
vulnerability, thus removing the usage of this and replacing
with arc4random.
Change-Id: I5f24e96817bf3de09848f5626278ac65b00e07ed
-rw-r--r-- | qcwcn/wifi_hal/common.h | 3 | ||||
-rw-r--r-- | qcwcn/wifi_hal/gscan.cpp | 7 | ||||
-rw-r--r-- | qcwcn/wifi_hal/wifi_hal.cpp | 1 | ||||
-rw-r--r-- | qcwcn/wifi_hal/wificonfig.cpp | 4 | ||||
-rw-r--r-- | qcwcn/wifi_hal/wifilogger.cpp | 13 |
5 files changed, 16 insertions, 12 deletions
diff --git a/qcwcn/wifi_hal/common.h b/qcwcn/wifi_hal/common.h index f7d49e9..7669422 100644 --- a/qcwcn/wifi_hal/common.h +++ b/qcwcn/wifi_hal/common.h @@ -166,6 +166,9 @@ wifi_error wifi_stop_rssi_monitoring(wifi_request_id id, wifi_interface_handle i #define min(x, y) ((x) < (y) ? (x) : (y)) #define max(x, y) ((x) > (y) ? (x) : (y)) +#define REQUEST_ID_MAX 1000 +#define get_requestid() ((arc4random()%REQUEST_ID_MAX) + 1) + #ifdef __cplusplus extern "C" { diff --git a/qcwcn/wifi_hal/gscan.cpp b/qcwcn/wifi_hal/gscan.cpp index cd0b952..03528a8 100644 --- a/qcwcn/wifi_hal/gscan.cpp +++ b/qcwcn/wifi_hal/gscan.cpp @@ -20,6 +20,7 @@ #include <errno.h> #include <time.h> #include <errno.h> +#include <stdlib.h> #include "common.h" #include "cpp_bindings.h" @@ -110,7 +111,7 @@ wifi_error wifi_get_valid_channels(wifi_interface_handle handle, /* No request id from caller, so generate one and pass it on to the driver. * Generate one randomly. */ - requestId = rand(); + requestId = get_requestid(); ALOGI("%s: RequestId:%d Enter band:%d max_channels:%d", __FUNCTION__, requestId, band, max_channels); @@ -208,7 +209,7 @@ wifi_error wifi_get_gscan_capabilities(wifi_interface_handle handle, /* No request id from caller, so generate one and pass it on to the driver. * Generate it randomly. */ - requestId = rand(); + requestId = get_requestid(); ALOGI("%s: Enter RequestId:%d", __FUNCTION__, requestId); if (capabilities == NULL) { @@ -1216,7 +1217,7 @@ wifi_error wifi_get_cached_gscan_results(wifi_interface_handle iface, /* No request id from caller, so generate one and pass it on to the driver. */ /* Generate it randomly */ - requestId = rand(); + requestId = get_requestid(); ALOGI("%s: Enter RequestId:%d", __FUNCTION__, requestId); if (results == NULL || num == NULL) { diff --git a/qcwcn/wifi_hal/wifi_hal.cpp b/qcwcn/wifi_hal/wifi_hal.cpp index 7942cfd..3e2437f 100644 --- a/qcwcn/wifi_hal/wifi_hal.cpp +++ b/qcwcn/wifi_hal/wifi_hal.cpp @@ -308,7 +308,6 @@ wifi_error wifi_initialize(wifi_handle *handle) struct nl_sock *cmd_sock = NULL; struct nl_sock *event_sock = NULL; struct nl_cb *cb = NULL; - srand(getpid()); ALOGI("Initializing wifi"); hal_info *info = (hal_info *)malloc(sizeof(hal_info)); diff --git a/qcwcn/wifi_hal/wificonfig.cpp b/qcwcn/wifi_hal/wificonfig.cpp index 5f30891..78cb377 100644 --- a/qcwcn/wifi_hal/wificonfig.cpp +++ b/qcwcn/wifi_hal/wificonfig.cpp @@ -31,6 +31,7 @@ #include <utils/Log.h> #include <time.h> #include <errno.h> +#include <stdlib.h> #include "wificonfigcommand.h" /* Implementation of the API functions exposed in wifi_config.h */ @@ -120,8 +121,7 @@ wifi_error wifi_set_country_code(wifi_interface_handle iface, /* No request id from caller, so generate one and pass it on to the driver. * Generate it randomly. */ - srand(time(NULL)); - requestId = rand(); + requestId = get_requestid(); wifiConfigCommand = new WiFiConfigCommand( wifiHandle, diff --git a/qcwcn/wifi_hal/wifilogger.cpp b/qcwcn/wifi_hal/wifilogger.cpp index be49102..9828eb7 100644 --- a/qcwcn/wifi_hal/wifilogger.cpp +++ b/qcwcn/wifi_hal/wifilogger.cpp @@ -35,6 +35,7 @@ #include <utils/Log.h> #include "wifiloggercmd.h" #include "rb_wrapper.h" +#include <stdlib.h> #define LOGGER_MEMDUMP_FILENAME "/proc/debug/fwdump" #define LOGGER_MEMDUMP_CHUNKSIZE (4 * 1024) @@ -77,7 +78,7 @@ wifi_error wifi_start_logging(wifi_interface_handle iface, * No request id from caller, so generate one and pass it on to the driver. * Generate one randomly. */ - requestId = rand(); + requestId = get_requestid(); if (buffer_name == NULL) { ALOGE("%s: Invalid Ring Name. \n", __FUNCTION__); @@ -223,7 +224,7 @@ wifi_error wifi_get_logger_supported_feature_set(wifi_interface_handle iface, /* No request id from caller, so generate one and pass it on to the driver. * Generate one randomly. */ - requestId = rand(); + requestId = get_requestid(); wifiLoggerCommand = new WifiLoggerCommand( wifiHandle, @@ -292,7 +293,7 @@ wifi_error wifi_get_ring_data(wifi_interface_handle iface, return WIFI_ERROR_UNKNOWN; } - requestId = rand(); + requestId = get_requestid(); wifiLoggerCommand = new WifiLoggerCommand( wifiHandle, @@ -358,7 +359,7 @@ wifi_error wifi_get_firmware_version(wifi_interface_handle iface, /* No request id from caller, so generate one and pass it on to the driver. * Generate one randomly. */ - requestId = rand(); + requestId = get_requestid(); wifiLoggerCommand = new WifiLoggerCommand( wifiHandle, @@ -422,7 +423,7 @@ wifi_error wifi_get_driver_version(wifi_interface_handle iface, /* No request id from caller, so generate one and pass it on to the driver. * Generate one randomly. */ - requestId = rand(); + requestId = get_requestid(); wifiLoggerCommand = new WifiLoggerCommand( wifiHandle, @@ -485,7 +486,7 @@ wifi_error wifi_get_firmware_memory_dump(wifi_interface_handle iface, /* No request id from caller, so generate one and pass it on to the driver. * Generate one randomly. */ - requestId = rand(); + requestId = get_requestid(); wifiLoggerCommand = new WifiLoggerCommand( wifiHandle, |