Google Git
Sign in
android / platform / hardware / qcom / wlan / 2d953ba^! / .
commit2d953ba14654205d59c3214217a1fa4e0cd0dc33[log] [tgz]
authorSubhani Shaik <subhanis@codeaurora.org>Thu Aug 06 14:22:50 2015 -0700
committerVineeta Srivastava <vsrivastava@google.com>Mon Aug 10 16:57:09 2015 -0700
tree6a486d0ad7b732164900ffa86cf9933b35bb3576
parentb310783d41ec4b4e3808abb18241594b3f4d504d [diff]
WiFi-HAL: Removing usage of rand and srand functions

Usage of rand and srand function is a moderate security
vulnerability, thus removing the usage of this and replacing
with arc4random.

Change-Id: I5f24e96817bf3de09848f5626278ac65b00e07ed

diff --git a/qcwcn/wifi_hal/common.h b/qcwcn/wifi_hal/common.h
index f7d49e9..7669422 100644
--- a/qcwcn/wifi_hal/common.h
+++ b/qcwcn/wifi_hal/common.h

@@ -166,6 +166,9 @@
 #define min(x, y)       ((x) < (y) ? (x) : (y))
 #define max(x, y)       ((x) > (y) ? (x) : (y))
 
+#define REQUEST_ID_MAX 1000
+#define get_requestid() ((arc4random()%REQUEST_ID_MAX) + 1)
+
 #ifdef __cplusplus
 extern "C"
 {

diff --git a/qcwcn/wifi_hal/gscan.cpp b/qcwcn/wifi_hal/gscan.cpp
index cd0b952..03528a8 100644
--- a/qcwcn/wifi_hal/gscan.cpp
+++ b/qcwcn/wifi_hal/gscan.cpp

@@ -20,6 +20,7 @@
 #include <errno.h>
 #include <time.h>
 #include <errno.h>
+#include <stdlib.h>
 
 #include "common.h"
 #include "cpp_bindings.h"
@@ -110,7 +111,7 @@
     /* No request id from caller, so generate one and pass it on to the driver.
      * Generate one randomly.
      */
-    requestId = rand();
+    requestId = get_requestid();
     ALOGI("%s: RequestId:%d Enter band:%d max_channels:%d", __FUNCTION__,
           requestId, band, max_channels);
 
@@ -208,7 +209,7 @@
     /* No request id from caller, so generate one and pass it on to the driver.
      * Generate it randomly.
      */
-    requestId = rand();
+    requestId = get_requestid();
     ALOGI("%s: Enter RequestId:%d", __FUNCTION__, requestId);
 
     if (capabilities == NULL) {
@@ -1216,7 +1217,7 @@
 
     /* No request id from caller, so generate one and pass it on to the driver. */
     /* Generate it randomly */
-    requestId = rand();
+    requestId = get_requestid();
     ALOGI("%s: Enter RequestId:%d", __FUNCTION__, requestId);
 
     if (results == NULL || num == NULL) {

diff --git a/qcwcn/wifi_hal/wifi_hal.cpp b/qcwcn/wifi_hal/wifi_hal.cpp
index 7942cfd..3e2437f 100644
--- a/qcwcn/wifi_hal/wifi_hal.cpp
+++ b/qcwcn/wifi_hal/wifi_hal.cpp

@@ -308,7 +308,6 @@
     struct nl_sock *cmd_sock = NULL;
     struct nl_sock *event_sock = NULL;
     struct nl_cb *cb = NULL;
-    srand(getpid());
 
     ALOGI("Initializing wifi");
     hal_info *info = (hal_info *)malloc(sizeof(hal_info));

diff --git a/qcwcn/wifi_hal/wificonfig.cpp b/qcwcn/wifi_hal/wificonfig.cpp
index 5f30891..78cb377 100644
--- a/qcwcn/wifi_hal/wificonfig.cpp
+++ b/qcwcn/wifi_hal/wificonfig.cpp

@@ -31,6 +31,7 @@
 #include <utils/Log.h>
 #include <time.h>
 #include <errno.h>
+#include <stdlib.h>
 #include "wificonfigcommand.h"
 
 /* Implementation of the API functions exposed in wifi_config.h */
@@ -120,8 +121,7 @@
     /* No request id from caller, so generate one and pass it on to the driver.
      * Generate it randomly.
      */
-    srand(time(NULL));
-    requestId = rand();
+    requestId = get_requestid();
 
     wifiConfigCommand = new WiFiConfigCommand(
                             wifiHandle,

diff --git a/qcwcn/wifi_hal/wifilogger.cpp b/qcwcn/wifi_hal/wifilogger.cpp
index be49102..9828eb7 100644
--- a/qcwcn/wifi_hal/wifilogger.cpp
+++ b/qcwcn/wifi_hal/wifilogger.cpp

@@ -35,6 +35,7 @@
 #include <utils/Log.h>
 #include "wifiloggercmd.h"
 #include "rb_wrapper.h"
+#include <stdlib.h>
 
 #define LOGGER_MEMDUMP_FILENAME "/proc/debug/fwdump"
 #define LOGGER_MEMDUMP_CHUNKSIZE (4 * 1024)
@@ -77,7 +78,7 @@
      * No request id from caller, so generate one and pass it on to the driver.
      * Generate one randomly.
      */
-    requestId = rand();
+    requestId = get_requestid();
 
     if (buffer_name == NULL) {
         ALOGE("%s: Invalid Ring Name. \n", __FUNCTION__);
@@ -223,7 +224,7 @@
     /* No request id from caller, so generate one and pass it on to the driver.
      * Generate one randomly.
      */
-    requestId = rand();
+    requestId = get_requestid();
 
     wifiLoggerCommand = new WifiLoggerCommand(
                             wifiHandle,
@@ -292,7 +293,7 @@
         return WIFI_ERROR_UNKNOWN;
     }
 
-    requestId = rand();
+    requestId = get_requestid();
 
     wifiLoggerCommand = new WifiLoggerCommand(
                                 wifiHandle,
@@ -358,7 +359,7 @@
     /* No request id from caller, so generate one and pass it on to the driver.
      * Generate one randomly.
      */
-    requestId = rand();
+    requestId = get_requestid();
 
     wifiLoggerCommand = new WifiLoggerCommand(
                                 wifiHandle,
@@ -422,7 +423,7 @@
     /* No request id from caller, so generate one and pass it on to the driver.
      * Generate one randomly.
      */
-    requestId = rand();
+    requestId = get_requestid();
 
     wifiLoggerCommand = new WifiLoggerCommand(
                             wifiHandle,
@@ -485,7 +486,7 @@
     /* No request id from caller, so generate one and pass it on to the driver.
      * Generate one randomly.
      */
-    requestId = rand();
+    requestId = get_requestid();
 
     wifiLoggerCommand = new WifiLoggerCommand(
                             wifiHandle,