Opened 5 years ago
Last modified 4 years ago
#3678 new defect
remove random() from the source
| Reported by: | wlodekwencel | Owned by: | |
|---|---|---|---|
| Priority: | medium | Milestone: | Outstanding Tasks |
| Component: | crypto | Version: | git |
| Keywords: | Cc: | ||
| CVSS Scoring: | Parent Tickets: | ||
| Sensitive: | no | Defect Severity: | N/A |
| Sub-Project: | DHCP | Feature Depending on Ticket: | |
| Estimated Difficulty: | 0 | Add Hours to Ticket: | 0 |
| Total Hours: | 0 | Internal?: | no |
Description
Replace random() in /src/lib/util/range_utilities.h and /src/bin/perfdhcp/packet_storage.h to /dev/random as 'security best practice'
Coverity bugs no. 1232277 and 1232279
Subtickets
Change History (4)
comment:1 Changed 5 years ago by fdupont
comment:2 Changed 5 years ago by tomek
- Milestone changed from Kea-proposed to DHCP Outstanding Tasks
comment:3 Changed 5 years ago by sar
The perfdhcp/packet_storage.h code doesn't truly need a crypto level RNG.
comment:4 Changed 4 years ago by tomek
- Milestone changed from DHCP Outstanding Tasks to Outstanding Tasks
Milestone renamed
Note: See
TracTickets for help on using
tickets.
It is far to be so simple and BTW /dev/random (vs. /dev/urandom) can block. Please consider #3474 too (as you can expect I'd prefer this solution)...