[SERVER-25781] Coverity analysis defect 99846: Don't call
Created: 24/Aug/16  Updated: 19/Nov/16  Resolved: 08/Sep/16

Status: Closed
Project: Core Server
Component/s: Storage
Affects Version/s: None
Fix Version/s: 3.3.14

Type: Bug
Priority: Major - P3
Reporter: Coverity Collector User
Assignee: Daniel Gottlieb (Inactive)
Resolution: Done
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Backwards Compatibility: Fully Compatible
Operating System: ALL
Participants:

 Description   

The called function is unsafe for security related code

Defect 99846 (STATIC_C)
Checker DC.WEAK_CRYPTO (subcategory none)
File: /src/mongo/db/modules/enterprise/src/queryable/queryable_mmapv1/queryable_alloc_state.cpp
Function mongo::queryable::AllocState::selectPageForFree(mongo::queryable::DataFile **, unsigned long *)
/src/mongo/db/modules/enterprise/src/queryable/queryable_mmapv1/queryable_alloc_state.cpp, line: 59
"rand" should not be used for security related applications, as linear congruential algorithms are too easy to break.

        std::size_t pageToSelect = rand() % _numPagesAllocated;



 Comments   
Comment by Githook User [ 08/Sep/16 ]

Author: Daniel Gottlieb (username: dgottlieb, email: daniel.gottlieb@10gen.com)

Message: SERVER-25781: Replace `rand` call with PseudoRandom
Branch: master
https://github.com/10gen/mongo-enterprise-modules/commit/a9913dffb8829cbf735b04e8a8cace89966ed3dd
