authorAndrew Yourtchenko <ayourtch@gmail.com>2016-09-14 15:51:16 +0000
committerAndrew Yourtchenko <ayourtch@gmail.com>2016-09-14 15:51:16 +0000
commitacfb47d6c10266555272661fcf5e660c99d09545 (patch)
tree560319b9588062cf66c524dd4743407102cb106b
parent400c1cfc7aaa022e7871ec51a97c530cdac53de8 (diff)
VPP-408: fix coverity warning in run_ping_ip46_address()
CID 147141: Security best practices violations (DC.WEAK_CRYPTO) /vnet/vnet/ip/ping.c: 496 in run_ping_ip46_address() 490 ping_main_t *pm = &ping_main; 491 uword curr_proc = vlib_current_process (vm); 492 u32 n_replies = 0; 493 u32 n_requests = 0; 494 ping_run_t *pr = 0; 495 u32 ping_run_index = 0; CID 147141: Security best practices violations (DC.WEAK_CRYPTO) "rand" should not be used for security related applications, as linear congruential algorithms are too easy to break. 496 u16 icmp_id = rand (); 497 while (hash_get (pm->ping_run_by_icmp_id, icmp_id)) 498 { 499 vlib_cli_output (vm, "ICMP ID collision at %d, incrementing", icmp_id); 500 icmp_id++; 501 } Change-Id: I822350c03afce0b2dd35f37e27f55df82ca3443f Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
-rw-r--r--vnet/vnet/ip/ping.c10
1 files changed, 9 insertions, 1 deletions
diff --git a/vnet/vnet/ip/ping.c b/vnet/vnet/ip/ping.c
index 0c25118c904..b5842a69c50 100644
--- a/vnet/vnet/ip/ping.c
+++ b/vnet/vnet/ip/ping.c
@@ -493,7 +493,15 @@ run_ping_ip46_address (vlib_main_t * vm, ip4_address_t * pa4,
u32 n_requests = 0;
ping_run_t *pr = 0;
u32 ping_run_index = 0;
- u16 icmp_id = rand ();
+ u16 icmp_id;
+
+ static u32 rand_seed = 0;
+
+ if (PREDICT_FALSE(!rand_seed))
+ rand_seed = random_default_seed();
+
+ icmp_id = random_u32(&rand_seed) & 0xffff;
+
while (hash_get (pm->ping_run_by_icmp_id, icmp_id))
{
vlib_cli_output (vm, "ICMP ID collision at %d, incrementing", icmp_id);
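Review bot: The new `icmp_id = random_u32(&rand_seed) & 0xffff;` keeps only the low 16 bits of the generator output, and the change swaps one non-cryptographic generator for another rather than making the ICMP ID unpredictable. If random_u32() is a power-of-two-modulus linear congruential generator (its definition is not visible in this hunk), the low-order bits are its weakest and repeat with a short period, so `icmp_id = random_u32 (&rand_seed) >> 16;` would be the better truncation. Using 0 as the "not yet seeded" sentinel for `rand_seed` also means the seed is fetched again from random_default_seed() whenever the state happens to be 0 on entry; a separate `static int seeded` flag avoids that. I would add a comment above the assignment such as `/* icmp_id only demultiplexes replies to ping runs; it is not a secret and must not be relied on to reject spoofed echo replies */`, so the Coverity finding is recorded as accepted rather than fixed. The body of run_ping_ip46_address() starts and ends outside this hunk.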