VPP-408: fix coverity warning in run_ping_ip46_address()

CID 147141: Security best practices violations (DC.WEAK_CRYPTO)
/vnet/vnet/ip/ping.c: 496 in run_ping_ip46_address()
490 ping_main_t *pm = &ping_main;
491 uword curr_proc = vlib_current_process (vm);
492 u32 n_replies = 0;
493 u32 n_requests = 0;
494 ping_run_t *pr = 0;
495 u32 ping_run_index = 0;
CID 147141: Security best practices violations (DC.WEAK_CRYPTO)
"rand" should not be used for security related applications, as linear congruential algorithms are too easy to break.
496 u16 icmp_id = rand ();
497 while (hash_get (pm->ping_run_by_icmp_id, icmp_id))
498 { 499 vlib_cli_output (vm, "ICMP ID collision at %d, incrementing", icmp_id); 500 icmp_id++; 501 }

Change-Id: I822350c03afce0b2dd35f37e27f55df82ca3443f
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>

1 files changed, 9 insertions, 1 deletions

diff --git a/vnet/vnet/ip/ping.c b/vnet/vnet/ip/ping.c
index 0c25118c..b5842a69 100644
--- a/vnet/vnet/ip/ping.c
+++ b/vnet/vnet/ip/ping.c
@@ -493,7 +493,15 @@ run_ping_ip46_address (vlib_main_t * vm, ip4_address_t * pa4,
   u32 n_requests = 0;
   ping_run_t *pr = 0;
   u32 ping_run_index = 0;
-  u16 icmp_id = rand ();
+  u16 icmp_id;
+
+  static u32 rand_seed = 0;
+
+  if (PREDICT_FALSE(!rand_seed))
+      rand_seed = random_default_seed();
+
+  icmp_id = random_u32(&rand_seed) & 0xffff;
+
   while (hash_get (pm->ping_run_by_icmp_id, icmp_id))
     {
       vlib_cli_output (vm, "ICMP ID collision at %d, incrementing", icmp_id);