From 962479bd632020dca0ccd5e1815d173e2d28c3ed Mon Sep 17 00:00:00 2001 From: Guillem Jover Date: Wed, 10 Feb 2021 18:32:03 +0100 Subject: [PATCH] TT#108003 Stop using random() While these usages are not supposed to be security sensitive, it's still best to avoid the usage altogether so that we do not need to think about it. Add a taint macro so that this does not regress in the future. Change-Id: Ic75861ed1b7ce9dfca4f897de8be2408204ce3cb Warned-by: coverity --- daemon/codec.c | 6 +++--- daemon/media_player.c | 6 +++--- daemon/sdp.c | 2 +- daemon/ssrc.c | 6 +++--- include/aux.h | 10 ++++++++++ lib/ssllib.c | 3 --- t/test-transcode.c | 4 +++- 7 files changed, 23 insertions(+), 14 deletions(-) diff --git a/daemon/codec.c b/daemon/codec.c index 5327e714c..ff81b6a11 100644 --- a/daemon/codec.c +++ b/daemon/codec.c @@ -368,7 +368,7 @@ struct codec_handler *codec_handler_make_playback(const struct rtp_payload_type handler->ssrc_handler = (void *) __ssrc_handler_transcode_new(handler); handler->ssrc_handler->first_ts = last_ts; while (handler->ssrc_handler->first_ts == 0) - handler->ssrc_handler->first_ts = random(); + handler->ssrc_handler->first_ts = ssl_random(); handler->ssrc_handler->rtp_mark = 1; ilogs(codec, LOG_DEBUG, "Created media playback context for " STR_FORMAT " -> " STR_FORMAT "", @@ -1194,7 +1194,7 @@ static void __rtcp_timer_run(struct timerthread_queue *q, void *p) { __rtcp_timer_free(rt); goto out; } - timeval_add_usec(&rtcp_timer, 5000000 + (random() % 2000000)); + timeval_add_usec(&rtcp_timer, 5000000 + (ssl_random() % 2000000)); media->rtcp_timer = rtcp_timer; __codec_rtcp_timer_schedule(media); @@ -1232,7 +1232,7 @@ static void __codec_rtcp_timer(struct call_media *receiver) { return; receiver->rtcp_timer = rtpe_now; - timeval_add_usec(&receiver->rtcp_timer, 5000000 + (random() % 2000000)); + timeval_add_usec(&receiver->rtcp_timer, 5000000 + (ssl_random() % 2000000)); __codec_rtcp_timer_schedule(receiver); // XXX unify with media player into a generic RTCP player } diff --git a/daemon/media_player.c b/daemon/media_player.c index 9447f0051..f0441875d 100644 --- a/daemon/media_player.c +++ b/daemon/media_player.c @@ -107,7 +107,7 @@ struct media_player *media_player_new(struct call_monologue *ml) { uint32_t ssrc = 0; while (ssrc == 0) - ssrc = random(); + ssrc = ssl_random(); struct ssrc_ctx *ssrc_ctx = get_ssrc_ctx(ssrc, ml->call->ssrc_hash, SSRC_DIR_OUTPUT, ml); ssrc_ctx->next_rtcp = rtpe_now; @@ -119,7 +119,7 @@ struct media_player *media_player_new(struct call_monologue *ml) { mp->run_func = media_player_read_packet; // default mp->call = obj_get(ml->call); mp->ml = ml; - mp->seq = random(); + mp->seq = ssl_random(); mp->ssrc_out = ssrc_ctx; av_init_packet(&mp->pkt); @@ -174,7 +174,7 @@ static void send_timer_rtcp(struct send_timer *st, struct ssrc_ctx *ssrc_out) { // XXX missing locking? ssrc_out->next_rtcp = rtpe_now; - timeval_add_usec(&ssrc_out->next_rtcp, 5000000 + (random() % 2000000)); + timeval_add_usec(&ssrc_out->next_rtcp, 5000000 + (ssl_random() % 2000000)); } diff --git a/daemon/sdp.c b/daemon/sdp.c index 4e2aa4412..dd6efe75f 100644 --- a/daemon/sdp.c +++ b/daemon/sdp.c @@ -2455,7 +2455,7 @@ int sdp_replace(struct sdp_chopper *chop, GQueue *sessions, struct call_monologu if (!monologue->sdp_version) { monologue->sdp_version = session->origin.version_num; if (monologue->sdp_version == 0 || monologue->sdp_version == ULLONG_MAX) - monologue->sdp_version = random(); + monologue->sdp_version = ssl_random(); } sess_conn = 0; diff --git a/daemon/ssrc.c b/daemon/ssrc.c index 22e52c249..b0148bdee 100644 --- a/daemon/ssrc.c +++ b/daemon/ssrc.c @@ -14,7 +14,7 @@ static void init_ssrc_ctx(struct ssrc_ctx *c, struct ssrc_entry_call *parent) { c->parent = parent; payload_tracker_init(&c->tracker); while (!c->ssrc_map_out) - c->ssrc_map_out = random(); + c->ssrc_map_out = ssl_random(); } static void init_ssrc_entry(struct ssrc_entry *ent, u_int32_t ssrc) { ent->ssrc = ssrc; @@ -26,8 +26,8 @@ static struct ssrc_entry *create_ssrc_entry_call(void *uptr) { ent = obj_alloc0("ssrc_entry_call", sizeof(*ent), __free_ssrc_entry_call); init_ssrc_ctx(&ent->input_ctx, ent); init_ssrc_ctx(&ent->output_ctx, ent); - //ent->seq_out = random(); - //ent->ts_out = random(); + //ent->seq_out = ssl_random(); + //ent->ts_out = ssl_random(); return &ent->h; } static void add_ssrc_entry(u_int32_t ssrc, struct ssrc_entry *ent, struct ssrc_hash *ht) { diff --git a/include/aux.h b/include/aux.h index 5a9a94945..0c9b7f1d9 100644 --- a/include/aux.h +++ b/include/aux.h @@ -242,6 +242,16 @@ INLINE int rlim(int res, rlim_t val) { +/*** TAINT FUNCTIONS ***/ + +#define taint_func(symbol, reason) \ + __typeof__(symbol) symbol __attribute__((__error__(reason))) + +taint_func(rand, "use ssl_random() instead"); +taint_func(random, "use ssl_random() instead"); +taint_func(srandom, "use RAND_seed() instead"); + + /*** INET ADDRESS HELPERS ***/ diff --git a/lib/ssllib.c b/lib/ssllib.c index c355192c5..144cbd237 100644 --- a/lib/ssllib.c +++ b/lib/ssllib.c @@ -39,9 +39,6 @@ static void make_OpenSSL_thread_safe(void) { void rtpe_ssl_init(void) { - struct timespec ts; - clock_gettime(CLOCK_REALTIME, &ts); - srandom(ts.tv_sec ^ ts.tv_nsec); #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) SSL_library_init(); SSL_load_error_strings(); diff --git a/t/test-transcode.c b/t/test-transcode.c index 8a6b08666..bd1c1bb6d 100644 --- a/t/test-transcode.c +++ b/t/test-transcode.c @@ -333,8 +333,10 @@ static void dtmf(const char *s) { #define AMR_WB_payload_noe "\xf1\xfc\xc1\x82\x04\x1d\xcc\x88\xc8\x34\xd4\x18\x84\xb1\xdf\x38\xba\xa1\x03\x9b\xbd\x13\x79\x1f\xf2\x53\x33\x16\x17\x7b\x73\x17\x5f\x1b\x05\x1f\x70" // bandwidth efficient int main(void) { + unsigned long random_seed = 0; + codeclib_init(0); - srandom(time(NULL)); + RAND_seed(&random_seed, sizeof(random_seed)); statistics_init(); codecs_init();