WiFi-HAL: Removing usage of rand and srand functions
Usage of rand and srand function is a moderate security
vulnerability, thus removing the usage of this and replacing
with arc4random.
Change-Id: I5f24e96817bf3de09848f5626278ac65b00e07ed
diff --git a/qcwcn/wifi_hal/common.h b/qcwcn/wifi_hal/common.h
index f7d49e9..7669422 100644
--- a/qcwcn/wifi_hal/common.h
+++ b/qcwcn/wifi_hal/common.h
@@ -166,6 +166,9 @@
#define min(x, y) ((x) < (y) ? (x) : (y))
#define max(x, y) ((x) > (y) ? (x) : (y))
+#define REQUEST_ID_MAX 1000
+#define get_requestid() ((arc4random()%REQUEST_ID_MAX) + 1)
+
#ifdef __cplusplus
extern "C"
{
diff --git a/qcwcn/wifi_hal/gscan.cpp b/qcwcn/wifi_hal/gscan.cpp
index cd0b952..03528a8 100644
--- a/qcwcn/wifi_hal/gscan.cpp
+++ b/qcwcn/wifi_hal/gscan.cpp
@@ -20,6 +20,7 @@
#include <errno.h>
#include <time.h>
#include <errno.h>
+#include <stdlib.h>
#include "common.h"
#include "cpp_bindings.h"
@@ -110,7 +111,7 @@
/* No request id from caller, so generate one and pass it on to the driver.
* Generate one randomly.
*/
- requestId = rand();
+ requestId = get_requestid();
ALOGI("%s: RequestId:%d Enter band:%d max_channels:%d", __FUNCTION__,
requestId, band, max_channels);
@@ -208,7 +209,7 @@
/* No request id from caller, so generate one and pass it on to the driver.
* Generate it randomly.
*/
- requestId = rand();
+ requestId = get_requestid();
ALOGI("%s: Enter RequestId:%d", __FUNCTION__, requestId);
if (capabilities == NULL) {
@@ -1216,7 +1217,7 @@
/* No request id from caller, so generate one and pass it on to the driver. */
/* Generate it randomly */
- requestId = rand();
+ requestId = get_requestid();
ALOGI("%s: Enter RequestId:%d", __FUNCTION__, requestId);
if (results == NULL || num == NULL) {
diff --git a/qcwcn/wifi_hal/wifi_hal.cpp b/qcwcn/wifi_hal/wifi_hal.cpp
index 7942cfd..3e2437f 100644
--- a/qcwcn/wifi_hal/wifi_hal.cpp
+++ b/qcwcn/wifi_hal/wifi_hal.cpp
@@ -308,7 +308,6 @@
struct nl_sock *cmd_sock = NULL;
struct nl_sock *event_sock = NULL;
struct nl_cb *cb = NULL;
- srand(getpid());
ALOGI("Initializing wifi");
hal_info *info = (hal_info *)malloc(sizeof(hal_info));
diff --git a/qcwcn/wifi_hal/wificonfig.cpp b/qcwcn/wifi_hal/wificonfig.cpp
index 5f30891..78cb377 100644
--- a/qcwcn/wifi_hal/wificonfig.cpp
+++ b/qcwcn/wifi_hal/wificonfig.cpp
@@ -31,6 +31,7 @@
#include <utils/Log.h>
#include <time.h>
#include <errno.h>
+#include <stdlib.h>
#include "wificonfigcommand.h"
/* Implementation of the API functions exposed in wifi_config.h */
@@ -120,8 +121,7 @@
/* No request id from caller, so generate one and pass it on to the driver.
* Generate it randomly.
*/
- srand(time(NULL));
- requestId = rand();
+ requestId = get_requestid();
wifiConfigCommand = new WiFiConfigCommand(
wifiHandle,
diff --git a/qcwcn/wifi_hal/wifilogger.cpp b/qcwcn/wifi_hal/wifilogger.cpp
index be49102..9828eb7 100644
--- a/qcwcn/wifi_hal/wifilogger.cpp
+++ b/qcwcn/wifi_hal/wifilogger.cpp
@@ -35,6 +35,7 @@
#include <utils/Log.h>
#include "wifiloggercmd.h"
#include "rb_wrapper.h"
+#include <stdlib.h>
#define LOGGER_MEMDUMP_FILENAME "/proc/debug/fwdump"
#define LOGGER_MEMDUMP_CHUNKSIZE (4 * 1024)
@@ -77,7 +78,7 @@
* No request id from caller, so generate one and pass it on to the driver.
* Generate one randomly.
*/
- requestId = rand();
+ requestId = get_requestid();
if (buffer_name == NULL) {
ALOGE("%s: Invalid Ring Name. \n", __FUNCTION__);
@@ -223,7 +224,7 @@
/* No request id from caller, so generate one and pass it on to the driver.
* Generate one randomly.
*/
- requestId = rand();
+ requestId = get_requestid();
wifiLoggerCommand = new WifiLoggerCommand(
wifiHandle,
@@ -292,7 +293,7 @@
return WIFI_ERROR_UNKNOWN;
}
- requestId = rand();
+ requestId = get_requestid();
wifiLoggerCommand = new WifiLoggerCommand(
wifiHandle,
@@ -358,7 +359,7 @@
/* No request id from caller, so generate one and pass it on to the driver.
* Generate one randomly.
*/
- requestId = rand();
+ requestId = get_requestid();
wifiLoggerCommand = new WifiLoggerCommand(
wifiHandle,
@@ -422,7 +423,7 @@
/* No request id from caller, so generate one and pass it on to the driver.
* Generate one randomly.
*/
- requestId = rand();
+ requestId = get_requestid();
wifiLoggerCommand = new WifiLoggerCommand(
wifiHandle,
@@ -485,7 +486,7 @@
/* No request id from caller, so generate one and pass it on to the driver.
* Generate one randomly.
*/
- requestId = rand();
+ requestId = get_requestid();
wifiLoggerCommand = new WifiLoggerCommand(
wifiHandle,