ua1zbe
/
aprsc
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add coverity warning squelching for perfectly safe random() calls 

where random is used in non-security-sensitive ways for things like
distributing timer event load
This commit is contained in:
Heikki Hannikainen 2016-08-15 20:07:23 +03:00
parent f84a9f77fc
commit ab4c1aa9f7
5 changed files with 10 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/accept.c
View File

@ -1207,8 +1207,10 @@ static int accept_liveupgrade_single(cJSON *client, int *rxerr_map, int rxerr_ma
} }
/* distribute keepalive intervals for the existing old clients /* distribute keepalive intervals for the existing old clients
* but send them rather sooner than later */ * but send them rather sooner than later */
// coverity[dont_call] // squelch warning: not security sensitive use of random(): load distribution
c->keepalive = tick + (random() % (keepalive_interval/2)); c->keepalive = tick + (random() % (keepalive_interval/2));
/* distribute cleanup intervals over the next 2 minutes */ /* distribute cleanup intervals over the next 2 minutes */
// coverity[dont_call] // squelch warning: not security sensitive use of random(): load distribution
c->cleanup = tick + (random() % 120); c->cleanup = tick + (random() % 120);
c->connect_time = time_connect->valueint; c->connect_time = time_connect->valueint;

5
src/aprsc.c
View File

@ -589,8 +589,10 @@ static void generate_instance_id(void)
if (fd < 0) { if (fd < 0) {
/* urandom failed for us, use something inferior */ /* urandom failed for us, use something inferior */
for (l = 0; l < INSTANCE_ID_LEN; l++) for (l = 0; l < INSTANCE_ID_LEN; l++) {
// coverity[dont_call] // squelch warning: not security sensitive use of random()
s[l] = random() % 256; s[l] = random() % 256;
}
} }
for (l = 0; l < INSTANCE_ID_LEN; l++) { for (l = 0; l < INSTANCE_ID_LEN; l++) {
@ -883,6 +885,7 @@ int main(int argc, char **argv)
time_set_tick_and_now(); time_set_tick_and_now();
cleanup_tick = tick; cleanup_tick = tick;
// coverity[dont_call] // squelch warning: not security sensitive use of random()
version_tick = tick + random() % 60; /* some load distribution */ version_tick = tick + random() % 60; /* some load distribution */
startup_tick = tick; startup_tick = tick;
startup_time = now; startup_time = now;

2
src/config.c
View File

@ -548,6 +548,7 @@ int do_peergroup(struct peerip_config_t **lq, int argc, char **argv)
/* Configure a listener */ /* Configure a listener */
li = hmalloc(sizeof(*li)); li = hmalloc(sizeof(*li));
memset(li, 0, sizeof(*li)); memset(li, 0, sizeof(*li));
// coverity[dont_call] // squelch warning: not security sensitive use of random(): local id
li->id = random(); li->id = random();
li->corepeer = 1; li->corepeer = 1;
li->name = hstrdup(argv[1]); li->name = hstrdup(argv[1]);
@ -1126,6 +1127,7 @@ int do_listen(struct listen_config_t **lq, int argc, char **argv)
l->id = old_l->id; l->id = old_l->id;
} else { } else {
/* new config, assign new id */ /* new config, assign new id */
// coverity[dont_call] // squelch warning: not security sensitive use of random(): local id
l->id = random(); l->id = random();
} }

1
src/messaging.c
View File

@ -30,6 +30,7 @@ void messaging_generate_msgid(char *buf, int buflen)
int i, c; int i, c;
for (i = 0; i < buflen-1; i++) { for (i = 0; i < buflen-1; i++) {
// coverity[dont_call] // squelch warning: not security sensitive use of random(): APRS message-id
c = random() % (2*26 + 10); /* letters and numbers */ c = random() % (2*26 + 10); /* letters and numbers */
if (c < 10) if (c < 10)

1
src/uplink.c
View File

@ -430,6 +430,7 @@ int make_uplink(struct uplink_config_t *l)
} }
/* Pick random address to start from */ /* Pick random address to start from */
// coverity[dont_call] // squelch warning: not security sensitive use of random()
i = random() % addrc; i = random() % addrc;
/* Then lets try making socket and connection in address order */ /* Then lets try making socket and connection in address order */