From acfb47d6c10266555272661fcf5e660c99d09545 Mon Sep 17 00:00:00 2001
From: Andrew Yourtchenko
Date: Wed, 14 Sep 2016 15:51:16 +0000
Subject: [PATCH] VPP-408: fix coverity warning in run_ping_ip46_address()
CID 147141: Security best practices violations (DC.WEAK_CRYPTO) /vnet/vnet/ip/ping.c: 496 in run_ping_ip46_address() 490 ping_main_t *pm = &ping_main; 491 uword curr_proc = vlib_current_process (vm); 492 u32 n_replies = 0; 493 u32 n_requests = 0; 494 ping_run_t *pr = 0; 495 u32 ping_run_index = 0; CID 147141: Security best practices violations (DC.WEAK_CRYPTO) "rand" should not be used for security related applications, as linear congruential algorithms are too easy to break. 496 u16 icmp_id = rand (); 497 while (hash_get (pm->ping_run_by_icmp_id, icmp_id)) 498 { 499 vlib_cli_output (vm, "ICMP ID collision at %d, incrementing", icmp_id); 500 icmp_id++; 501 }
Change-Id: I822350c03afce0b2dd35f37e27f55df82ca3443f
Signed-off-by: Andrew Yourtchenko
---
 vnet/vnet/ip/ping.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/vnet/vnet/ip/ping.c b/vnet/vnet/ip/ping.c
index 0c25118c904..b5842a69c50 100644
--- a/vnet/vnet/ip/ping.c
+++ b/vnet/vnet/ip/ping.c
@@ -493,7 +493,15 @@ run_ping_ip46_address (vlib_main_t * vm, ip4_address_t * pa4,
 u32 n_requests = 0;
 ping_run_t *pr = 0;
 u32 ping_run_index = 0;
- u16 icmp_id = rand ();
+ u16 icmp_id;
+
+ static u32 rand_seed = 0;
+
+ if (PREDICT_FALSE(!rand_seed))
+ rand_seed = random_default_seed();
+
+ icmp_id = random_u32(&rand_seed) & 0xffff;
+
 while (hash_get (pm->ping_run_by_icmp_id, icmp_id))
 {
 vlib_cli_output (vm, "ICMP ID collision at %d, incrementing", icmp_id);
-- 
2.16.6
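Review bot: The new `icmp_id = random_u32(&rand_seed) & 0xffff;` silences DC.WEAK_CRYPTO without changing what the checker objected to: if `random_u32()` is the vppinfra linear congruential generator and `random_default_seed()` is derived from the process id (neither is visible in this hunk, so confirm), the identifier is as predictable as it was with `rand ()`. In that case the mask also keeps the weakest bits of a power-of-two-modulus LCG (the low 16 bits repeat with a short period and bit 0 flips on every call), so `icmp_id = random_u32 (&rand_seed) >> 16;` is the better draw, and the mask is redundant for a `u16` anyway. If the ID only demultiplexes concurrent ping runs, say so at the declaration, e.g. `/* ICMP id only matches replies to this run; not a security token, PRNG quality is not relied on */`, so the finding is dismissed on the record rather than masked. The body of run_ping_ip46_address() starts and ends outside the hunk.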