  1. Core Server
  2. SERVER-18342

Coverity analysis defect 72071: Don't call

Details

    • Bug
    • Status: Closed
    • Major - P3
    • Resolution: Gone away
    • None
    • None
    • Testing Infrastructure
    • Fully Compatible
    • ALL

    Description

      The called function is unsafe for security related code

      Defect 72071 (STATIC_C)
      Checker DC.WEAK_CRYPTO (subcategory none)
      File: /src/mongo/scripting/bson_template_evaluator.cpp
      Function mongo::BsonTemplateEvaluator::evalRandInt(mongo::BsonTemplateEvaluator*, const char *, const mongo::BSONObj &, mongo::BSONObjBuilder &)
      /src/mongo/scripting/bson_template_evaluator.cpp, line: 172
      "rand()" should not be used for security related applications, as linear congruential algorithms are too easy to break.

                  int randomNum = min + (rand() % (max - min));

          People

            matt.kangas Matt Kangas
            xgen-internal-coverity Coverity Collector User