WiFi-HAL: Removing usage of rand and srand functions

Usage of rand and srand function is a moderate security
vulnerability, thus removing the usage of this and replacing
with arc4random.

Change-Id: I5f24e96817bf3de09848f5626278ac65b00e07ed

5 files changed, 16 insertions, 12 deletions

diff --git a/qcwcn/wifi_hal/common.h b/qcwcn/wifi_hal/common.h
index f7d49e9..7669422 100644
--- a/qcwcn/wifi_hal/common.h
+++ b/qcwcn/wifi_hal/common.h
@@ -166,6 +166,9 @@ wifi_error wifi_stop_rssi_monitoring(wifi_request_id id, wifi_interface_handle i
 #define min(x, y)       ((x) < (y) ? (x) : (y))
 #define max(x, y)       ((x) > (y) ? (x) : (y))
 
+#define REQUEST_ID_MAX 1000
+#define get_requestid() ((arc4random()%REQUEST_ID_MAX) + 1)
+
 #ifdef __cplusplus
 extern "C"
 {
diff --git a/qcwcn/wifi_hal/gscan.cpp b/qcwcn/wifi_hal/gscan.cpp
index cd0b952..03528a8 100644
--- a/qcwcn/wifi_hal/gscan.cpp
+++ b/qcwcn/wifi_hal/gscan.cpp
@@ -20,6 +20,7 @@
 #include <errno.h>
 #include <time.h>
 #include <errno.h>
+#include <stdlib.h>
 
 #include "common.h"
 #include "cpp_bindings.h"
@@ -110,7 +111,7 @@ wifi_error wifi_get_valid_channels(wifi_interface_handle handle,
     /* No request id from caller, so generate one and pass it on to the driver.
      * Generate one randomly.
      */
-    requestId = rand();
+    requestId = get_requestid();
     ALOGI("%s: RequestId:%d Enter band:%d max_channels:%d", __FUNCTION__,
           requestId, band, max_channels);
 
@@ -208,7 +209,7 @@ wifi_error wifi_get_gscan_capabilities(wifi_interface_handle handle,
     /* No request id from caller, so generate one and pass it on to the driver.
      * Generate it randomly.
      */
-    requestId = rand();
+    requestId = get_requestid();
     ALOGI("%s: Enter RequestId:%d", __FUNCTION__, requestId);
 
     if (capabilities == NULL) {
@@ -1216,7 +1217,7 @@ wifi_error wifi_get_cached_gscan_results(wifi_interface_handle iface,
 
     /* No request id from caller, so generate one and pass it on to the driver. */
     /* Generate it randomly */
-    requestId = rand();
+    requestId = get_requestid();
     ALOGI("%s: Enter RequestId:%d", __FUNCTION__, requestId);
 
     if (results == NULL || num == NULL) {
diff --git a/qcwcn/wifi_hal/wifi_hal.cpp b/qcwcn/wifi_hal/wifi_hal.cpp
index 7942cfd..3e2437f 100644
--- a/qcwcn/wifi_hal/wifi_hal.cpp
+++ b/qcwcn/wifi_hal/wifi_hal.cpp
@@ -308,7 +308,6 @@ wifi_error wifi_initialize(wifi_handle *handle)
     struct nl_sock *cmd_sock = NULL;
     struct nl_sock *event_sock = NULL;
     struct nl_cb *cb = NULL;
-    srand(getpid());
 
     ALOGI("Initializing wifi");
     hal_info *info = (hal_info *)malloc(sizeof(hal_info));
diff --git a/qcwcn/wifi_hal/wificonfig.cpp b/qcwcn/wifi_hal/wificonfig.cpp
index 5f30891..78cb377 100644
--- a/qcwcn/wifi_hal/wificonfig.cpp
+++ b/qcwcn/wifi_hal/wificonfig.cpp
@@ -31,6 +31,7 @@
 #include <utils/Log.h>
 #include <time.h>
 #include <errno.h>
+#include <stdlib.h>
 #include "wificonfigcommand.h"
 
 /* Implementation of the API functions exposed in wifi_config.h */
@@ -120,8 +121,7 @@ wifi_error wifi_set_country_code(wifi_interface_handle iface,
     /* No request id from caller, so generate one and pass it on to the driver.
      * Generate it randomly.
      */
-    srand(time(NULL));
-    requestId = rand();
+    requestId = get_requestid();
 
     wifiConfigCommand = new WiFiConfigCommand(
                             wifiHandle,
diff --git a/qcwcn/wifi_hal/wifilogger.cpp b/qcwcn/wifi_hal/wifilogger.cpp
index be49102..9828eb7 100644
--- a/qcwcn/wifi_hal/wifilogger.cpp
+++ b/qcwcn/wifi_hal/wifilogger.cpp
@@ -35,6 +35,7 @@
 #include <utils/Log.h>
 #include "wifiloggercmd.h"
 #include "rb_wrapper.h"
+#include <stdlib.h>
 
 #define LOGGER_MEMDUMP_FILENAME "/proc/debug/fwdump"
 #define LOGGER_MEMDUMP_CHUNKSIZE (4 * 1024)
@@ -77,7 +78,7 @@ wifi_error wifi_start_logging(wifi_interface_handle iface,
      * No request id from caller, so generate one and pass it on to the driver.
      * Generate one randomly.
      */
-    requestId = rand();
+    requestId = get_requestid();
 
     if (buffer_name == NULL) {
         ALOGE("%s: Invalid Ring Name. \n", __FUNCTION__);
@@ -223,7 +224,7 @@ wifi_error wifi_get_logger_supported_feature_set(wifi_interface_handle iface,
     /* No request id from caller, so generate one and pass it on to the driver.
      * Generate one randomly.
      */
-    requestId = rand();
+    requestId = get_requestid();
 
     wifiLoggerCommand = new WifiLoggerCommand(
                             wifiHandle,
@@ -292,7 +293,7 @@ wifi_error wifi_get_ring_data(wifi_interface_handle iface,
         return WIFI_ERROR_UNKNOWN;
     }
 
-    requestId = rand();
+    requestId = get_requestid();
 
     wifiLoggerCommand = new WifiLoggerCommand(
                                 wifiHandle,
@@ -358,7 +359,7 @@ wifi_error wifi_get_firmware_version(wifi_interface_handle iface,
     /* No request id from caller, so generate one and pass it on to the driver.
      * Generate one randomly.
      */
-    requestId = rand();
+    requestId = get_requestid();
 
     wifiLoggerCommand = new WifiLoggerCommand(
                                 wifiHandle,
@@ -422,7 +423,7 @@ wifi_error wifi_get_driver_version(wifi_interface_handle iface,
     /* No request id from caller, so generate one and pass it on to the driver.
      * Generate one randomly.
      */
-    requestId = rand();
+    requestId = get_requestid();
 
     wifiLoggerCommand = new WifiLoggerCommand(
                             wifiHandle,
@@ -485,7 +486,7 @@ wifi_error wifi_get_firmware_memory_dump(wifi_interface_handle iface,
     /* No request id from caller, so generate one and pass it on to the driver.
      * Generate one randomly.
      */
-    requestId = rand();
+    requestId = get_requestid();
 
     wifiLoggerCommand = new WifiLoggerCommand(
                             wifiHandle,