mirrors/pipewire
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/pipewire/pipewire.git synced 2026-04-29 06:46:38 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

security: log warning when falling back to weak PRNG

Browse source 
Cryptography: Low

When getrandom() fails, pw_random() silently falls back to rand() or
random_r() seeded from the system clock. This fallback produces
predictable output that should not be used for security-sensitive
operations like WebSocket key generation or network protocol IDs.

Add a warning log message when the fallback is triggered so that
administrators are aware of the degraded random number generation.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Wim Taymans 2026-04-24 16:21:27 +02:00
parent ebbc9acc90
commit 470c63d436
1 changed files with 1 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

1
src/pipewire/utils.c
View file

@ -336,6 +336,7 @@ void pw_random(void *buf, size_t buflen)
{ {
if (pw_getrandom(buf, buflen, 0) < 0) { if (pw_getrandom(buf, buflen, 0) < 0) {
uint8_t *p = buf; uint8_t *p = buf;
pw_log_warn("getrandom failed, falling back to weak PRNG");
while (buflen-- > 0) { while (buflen-- > 0) {
int32_t val; int32_t val;
#ifdef HAVE_RANDOM_R #ifdef HAVE_RANDOM_R