Loading...

XML

Word

Printable

JSON

Type: Bug
Resolution: Done
Priority: Major - P3
Fix Version/s: None
Affects Version/s: None
Component/s: Testing Infrastructure
Labels:
- coverity

Backwards Compatibility:
Fully Compatible
Operating System:
ALL
Confidence Status:
None
Work Order:
3

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name:
None
Goal Link:
None

The called function is unsafe for security related code

Defect 72071 (STATIC_C)
Checker DC.WEAK_CRYPTO (subcategory none)
File: /src/mongo/scripting/bson_template_evaluator.cpp
Function mongo::BsonTemplateEvaluator::evalRandInt(mongo::BsonTemplateEvaluator*, const char *, const mongo::BSONObj &, mongo::BSONObjBuilder &)
/src/mongo/scripting/bson_template_evaluator.cpp, line: 172
"rand()" should not be used for security related applications, as linear congruential algorithms are too easy to break.

            int randomNum = min + (rand() % (max - min));

Assignee:: Matt Kangas (Inactive)
Reporter:: Coverity Collector User
Participants:: Coverity Collector User, Matt Kangas
Votes:: 0 Vote for this issue
Watchers:: 3 Start watching this issue

Created:: May 06 2015 05:41:32 PM UTC
Updated:: May 06 2015 06:24:14 PM UTC
Resolved:: May 06 2015 06:24:14 PM UTC

Details

Description

Attachments

Activity

People

Dates