[SERVER-18342] Coverity analysis defect 72071: Don't call - MongoDB Jira

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major - P3
Resolution: Gone away
Affects Version/s: None
Fix Version/s: None
Component/s: Testing Infrastructure
Labels:
- coverity

Backwards Compatibility:
Fully Compatible
Operating System:
ALL

Description

The called function is unsafe for security related code

Defect 72071 (STATIC_C)
Checker DC.WEAK_CRYPTO (subcategory none)
File: /src/mongo/scripting/bson_template_evaluator.cpp
Function mongo::BsonTemplateEvaluator::evalRandInt(mongo::BsonTemplateEvaluator*, const char *, const mongo::BSONObj &, mongo::BSONObjBuilder &)
/src/mongo/scripting/bson_template_evaluator.cpp, line: 172
"rand()" should not be used for security related applications, as linear congruential algorithms are too easy to break.

            int randomNum = min + (rand() % (max - min));

Attachments

Activity

People

Assignee:: Matt Kangas

Reporter:: Coverity Collector User

Participants:: Coverity Collector User, Matt Kangas

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: May 06 2015 05:41:32 PM UTC

Updated:: May 06 2015 06:24:14 PM UTC

Resolved:: May 06 2015 06:24:14 PM UTC