CID 147141: Security best practices violations (DC.WEAK_CRYPTO)
/vnet/vnet/ip/ping.c: 496 in run_ping_ip46_address()
490 ping_main_t *pm = &ping_main;
491 uword curr_proc = vlib_current_process (vm);
492 u32 n_replies = 0;
493 u32 n_requests = 0;
494 ping_run_t *pr = 0;
495 u32 ping_run_index = 0;
CID 147141: Security best practices violations (DC.WEAK_CRYPTO)
"rand" should not be used for security related applications, as linear congruential algorithms are too easy to break.
496 u16 icmp_id = rand ();
497 while (hash_get (pm->ping_run_by_icmp_id, icmp_id))
498 { 499 vlib_cli_output (vm, "ICMP ID collision at %d, incrementing", icmp_id); 500 icmp_id++; 501 }
Change-Id: I822350c03afce0b2dd35f37e27f55df82ca3443f
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
u32 n_requests = 0;
ping_run_t *pr = 0;
u32 ping_run_index = 0;
- u16 icmp_id = rand ();
+ u16 icmp_id;
+
+ static u32 rand_seed = 0;
+
+ if (PREDICT_FALSE(!rand_seed))
+ rand_seed = random_default_seed();
+
+ icmp_id = random_u32(&rand_seed) & 0xffff;
+
while (hash_get (pm->ping_run_by_icmp_id, icmp_id))
{
vlib_cli_output (vm, "ICMP ID collision at %d, incrementing", icmp_id);
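Review bot: The new `icmp_id = random_u32(&rand_seed) & 0xffff;` line may not change the property that DC.WEAK_CRYPTO flagged. As far as I know the project's `random_u32` is itself a linear congruential generator and `random_default_seed()` is not an entropy source, so this likely silences the checker rather than making the identifier harder to predict; worth confirming and stating in the commit message. If it is that generator, the `0xffff` mask keeps the low 16 bits, which are the shortest-period bits of a power-of-two-modulus LCG, so `icmp_id = random_u32 (&rand_seed) >> 16;` would be the better choice. The `if (PREDICT_FALSE(!rand_seed))` guard treats 0 as "not yet seeded", so a comment such as `/* 0 = unseeded; the ICMP id only has to avoid collisions with our own runs, it is not a secret */` would record the intent for the next person who reads the Coverity history. The body of run_ping_ip46_address starts and ends outside this hunk.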