author | Andrew Yourtchenko <ayourtch@gmail.com> | 2016-09-14 15:51:16 +0000 |
---|---|---|
committer | Andrew Yourtchenko <ayourtch@gmail.com> | 2016-09-14 15:51:16 +0000 |
commit | acfb47d6c10266555272661fcf5e660c99d09545 (patch) | |
tree | 560319b9588062cf66c524dd4743407102cb106b | |
parent | 400c1cfc7aaa022e7871ec51a97c530cdac53de8 (diff) |
VPP-408: fix coverity warning in run_ping_ip46_address()
CID 147141: Security best practices violations (DC.WEAK_CRYPTO)
/vnet/vnet/ip/ping.c: 496 in run_ping_ip46_address()
490 ping_main_t *pm = &ping_main;
491 uword curr_proc = vlib_current_process (vm);
492 u32 n_replies = 0;
493 u32 n_requests = 0;
494 ping_run_t *pr = 0;
495 u32 ping_run_index = 0;
CID 147141: Security best practices violations (DC.WEAK_CRYPTO)
"rand" should not be used for security related applications, as linear congruential algorithms are too easy to break.
496 u16 icmp_id = rand ();
497 while (hash_get (pm->ping_run_by_icmp_id, icmp_id))
498 { 499 vlib_cli_output (vm, "ICMP ID collision at %d, incrementing", icmp_id); 500 icmp_id++; 501 }
Change-Id: I822350c03afce0b2dd35f37e27f55df82ca3443f
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
-rw-r--r-- | vnet/vnet/ip/ping.c | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/vnet/vnet/ip/ping.c b/vnet/vnet/ip/ping.c
index 0c25118c904..b5842a69c50 100644
--- a/vnet/vnet/ip/ping.c
+++ b/vnet/vnet/ip/ping.c
@@ -493,7 +493,15 @@ run_ping_ip46_address (vlib_main_t * vm, ip4_address_t * pa4,
 u32 n_requests = 0;
 ping_run_t *pr = 0;
 u32 ping_run_index = 0;
- u16 icmp_id = rand ();
+ u16 icmp_id;
+
+ static u32 rand_seed = 0;
+
+ if (PREDICT_FALSE(!rand_seed))
+ rand_seed = random_default_seed();
+
+ icmp_id = random_u32(&rand_seed) & 0xffff;
+
 while (hash_get (pm->ping_run_by_icmp_id, icmp_id))
 {
 vlib_cli_output (vm, "ICMP ID collision at %d, incrementing", icmp_id); |
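Review bot: The added `icmp_id = random_u32(&rand_seed) & 0xffff;` keeps the low 16 bits of the generator output, and if vppinfra's `random_u32` is a 32-bit linear congruential step (its definition is not on this page), those are its most predictable bits, so the identifier is no harder to guess than it was with `rand ()` and the DC.WEAK_CRYPTO report is quieted rather than addressed. Taking the high half instead, `icmp_id = random_u32 (&rand_seed) >> 16;`, costs nothing and avoids the short-period low bits. If the echo identifier only tells concurrent ping runs apart, say so above the declaration, e.g. `/* icmp_id only demultiplexes ping runs; it is not a secret, so a fast PRNG is enough */`; if it is expected to resist spoofed echo replies, it needs a stronger source than this. The function-local `static u32 rand_seed` with lazy seeding is shared by every caller, which appears safe only while this function runs on a single thread; the body of run_ping_ip46_address starts and ends outside the hunk.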