From 3c58db84b42e7f0c7bc1e50997f59c4180567861 Mon Sep 17 00:00:00 2001
From: Bryan Biedenkapp <gatekeep@jmp.cx>
Date: Fri, 23 Oct 2020 16:35:07 +0000
Subject: [PATCH] upstream: fix buffer overflow, upstream: replace rand() ->
 MT19937 random number generator;

---
 Log.cpp                 | 12 +++++------
 network/BaseNetwork.cpp | 44 +++++++++++++++++++++++++----------------
 network/BaseNetwork.h   |  6 ++++++
 3 files changed, 39 insertions(+), 23 deletions(-)

diff --git a/Log.cpp b/Log.cpp
index 9e269d4a..516c3d5b 100644
--- a/Log.cpp
+++ b/Log.cpp
@@ -102,7 +102,7 @@ static bool LogOpen()
             ::fclose(m_fpLog);
     }
 
-    char filename[100U];
+    char filename[200U];
 #if defined(_WIN32) || defined(_WIN64)
     ::sprintf(filename, "%s\\%s-%04d-%02d-%02d.log", m_filePath.c_str(), m_fileRoot.c_str(), tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday);
 #else
@@ -134,7 +134,7 @@ static bool ActivityLogOpen()
             ::fclose(m_actFpLog);
     }
 
-    char filename[100U];
+    char filename[200U];
 #if defined(_WIN32) || defined(_WIN64)
     ::sprintf(filename, "%s\\%s-%04d-%02d-%02d.activity.log", m_filePath.c_str(), m_fileRoot.c_str(), tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday);
 #else
@@ -180,7 +180,7 @@ void ActivityLog(const char *mode, const bool sourceRf, const char* msg, ...)
     assert(mode != NULL);
     assert(msg != NULL);
 
-    char buffer[400U];
+    char buffer[501U];
 #if defined(_WIN32) || defined(_WIN64)
     SYSTEMTIME st;
     ::GetSystemTime(&st);
@@ -198,7 +198,7 @@ void ActivityLog(const char *mode, const bool sourceRf, const char* msg, ...)
     va_list vl;
     va_start(vl, msg);
 
-    ::vsprintf(buffer + ::strlen(buffer), msg, vl);
+    ::vsnprintf(buffer + ::strlen(buffer), 500, msg, vl);
 
     va_end(vl);
 
@@ -274,7 +274,7 @@ void Log(uint32_t level, const char *module, const char* fmt, ...)
 {
     assert(fmt != NULL);
 
-    char buffer[300U];
+    char buffer[501U];
 #if defined(_WIN32) || defined(_WIN64)
     SYSTEMTIME st;
     ::GetSystemTime(&st);
@@ -302,7 +302,7 @@ void Log(uint32_t level, const char *module, const char* fmt, ...)
     va_list vl;
     va_start(vl, fmt);
 
-    ::vsprintf(buffer + ::strlen(buffer), fmt, vl);
+    ::vsnprintf(buffer + ::strlen(buffer), 500, fmt, vl);
 
     va_end(vl);
 
diff --git a/network/BaseNetwork.cpp b/network/BaseNetwork.cpp
index 355e64d1..55a56eb0 100644
--- a/network/BaseNetwork.cpp
+++ b/network/BaseNetwork.cpp
@@ -32,7 +32,6 @@
 #include "edac/SHA256.h"
 #include "network/BaseNetwork.h"
 #include "Log.h"
-#include "StopWatch.h"
 #include "Utils.h"
 
 using namespace network;
@@ -71,7 +70,8 @@ BaseNetwork::BaseNetwork(uint32_t localPort, uint32_t id, bool duplex, bool debu
     m_p25StreamId(0U),
     m_rxDMRData(4000U, "DMR Net Buffer"),
     m_rxP25Data(4000U, "P25 Net Buffer"),
-    m_audio()
+    m_audio(),
+    m_random()
 {
     assert(id > 1000U);
 
@@ -79,12 +79,14 @@ BaseNetwork::BaseNetwork(uint32_t localPort, uint32_t id, bool duplex, bool debu
     m_salt = new uint8_t[sizeof(uint32_t)];
     m_streamId = new uint32_t[2U];
 
-    m_p25StreamId = 0U;
-    m_streamId[0U] = 0x00U;
-    m_streamId[1U] = 0x00U;
+    std::random_device rd;
+    std::mt19937 mt(rd());
+    m_random = mt;
 
-    StopWatch stopWatch;
-    ::srand((uint32_t)stopWatch.start());
+    std::uniform_int_distribution<uint32_t> dist(DVM_RAND_MIN, DVM_RAND_MAX);
+    m_p25StreamId = dist(m_random);
+    m_streamId[0U] = dist(m_random);
+    m_streamId[1U] = dist(m_random);
 }
 
 /// <summary>
@@ -256,12 +258,13 @@ bool BaseNetwork::writeDMR(const dmr::data::Data& data)
 
     uint32_t slotIndex = slotNo - 1U;
 
+    std::uniform_int_distribution<uint32_t> dist(DVM_RAND_MIN, DVM_RAND_MAX);
     if (dataType == dmr::DT_VOICE_LC_HEADER) {
-        m_streamId[slotIndex] = ::rand() + 1U;
+        m_streamId[slotIndex] = dist(m_random);
     }
 
     if (dataType == dmr::DT_CSBK || dataType == dmr::DT_DATA_HEADER) {
-        m_streamId[slotIndex] = ::rand() + 1U;
+        m_streamId[slotIndex] = dist(m_random);
     }
 
     return writeDMR(m_id, m_streamId[slotIndex], data);
@@ -279,8 +282,9 @@ bool BaseNetwork::writeP25LDU1(const p25::lc::LC& control, const p25::data::LowS
     if (m_status != NET_STAT_RUNNING && m_status != NET_STAT_MST_RUNNING)
         return false;
 
+    std::uniform_int_distribution<uint32_t> dist(DVM_RAND_MIN, DVM_RAND_MAX);
     if (m_p25StreamId == 0U)
-        m_p25StreamId = ::rand() + 1U;
+        m_p25StreamId = dist(m_random);
 
     m_streamId[0] = m_p25StreamId;
 
@@ -299,8 +303,9 @@ bool BaseNetwork::writeP25LDU2(const p25::lc::LC& control, const p25::data::LowS
     if (m_status != NET_STAT_RUNNING && m_status != NET_STAT_MST_RUNNING)
         return false;
 
+    std::uniform_int_distribution<uint32_t> dist(DVM_RAND_MIN, DVM_RAND_MAX);
     if (m_p25StreamId == 0U)
-        m_p25StreamId = ::rand() + 1U;
+        m_p25StreamId = dist(m_random);
 
     m_streamId[0] = m_p25StreamId;
 
@@ -318,8 +323,9 @@ bool BaseNetwork::writeP25TDU(const p25::lc::LC& control, const p25::data::LowSp
     if (m_status != NET_STAT_RUNNING && m_status != NET_STAT_MST_RUNNING)
         return false;
 
+    std::uniform_int_distribution<uint32_t> dist(DVM_RAND_MIN, DVM_RAND_MAX);
     if (m_p25StreamId == 0U)
-        m_p25StreamId = ::rand() + 1U;
+        m_p25StreamId = dist(m_random);
 
     m_streamId[0] = m_p25StreamId;
 
@@ -337,8 +343,9 @@ bool BaseNetwork::writeP25TSDU(const p25::lc::TSBK& tsbk, const uint8_t* data)
     if (m_status != NET_STAT_RUNNING && m_status != NET_STAT_MST_RUNNING)
         return false;
 
+    std::uniform_int_distribution<uint32_t> dist(DVM_RAND_MIN, DVM_RAND_MAX);
     if (m_p25StreamId == 0U)
-        m_p25StreamId = ::rand() + 1U;
+        m_p25StreamId = dist(m_random);
 
     m_streamId[0] = m_p25StreamId;
 
@@ -358,8 +365,9 @@ bool BaseNetwork::writeP25PDU(const uint32_t llId, const uint8_t dataType, const
     if (m_status != NET_STAT_RUNNING && m_status != NET_STAT_MST_RUNNING)
         return false;
 
+    std::uniform_int_distribution<uint32_t> dist(DVM_RAND_MIN, DVM_RAND_MAX);
     if (m_p25StreamId == 0U)
-        m_p25StreamId = ::rand() + 1U;
+        m_p25StreamId = dist(m_random);
 
     m_streamId[0] = m_p25StreamId;
 
@@ -398,11 +406,12 @@ void BaseNetwork::resetDMR(uint32_t slotNo)
 {
     assert(slotNo == 1U || slotNo == 2U);
 
+    std::uniform_int_distribution<uint32_t> dist(DVM_RAND_MIN, DVM_RAND_MAX);
     if (slotNo == 1U) {
-        m_streamId[0U] = ::rand() + 1U;
+        m_streamId[0U] = dist(m_random);
     }
     else {
-        m_streamId[1U] = ::rand() + 1U;
+        m_streamId[1U] = dist(m_random);
     }
 
     m_rxDMRData.clear();
@@ -413,7 +422,8 @@ void BaseNetwork::resetDMR(uint32_t slotNo)
 /// </summary>
 void BaseNetwork::resetP25()
 {
-    m_p25StreamId = ::rand() + 1U;
+    std::uniform_int_distribution<uint32_t> dist(DVM_RAND_MIN, DVM_RAND_MAX);
+    m_p25StreamId = dist(m_random);
     m_streamId[0] = m_p25StreamId;
 
     m_rxP25Data.clear();
diff --git a/network/BaseNetwork.h b/network/BaseNetwork.h
index f4e78030..c59dd425 100644
--- a/network/BaseNetwork.h
+++ b/network/BaseNetwork.h
@@ -46,10 +46,14 @@
 
 #include <string>
 #include <cstdint>
+#include <random>
 
 // ---------------------------------------------------------------------------
 //  Constants
 // ---------------------------------------------------------------------------
+#define DVM_RAND_MIN 0x00000001
+#define DVM_RAND_MAX 0xfffffffe
+
 #define TAG_DMR_DATA            "DMRD"
 #define TAG_P25_DATA            "P25D"
 
@@ -239,6 +243,8 @@ namespace network
 
         p25::Audio m_audio;
 
+        std::mt19937 m_random;
+
         /// <summary>Writes DMR frame data to the network.</summary>
         bool writeDMR(const uint32_t id, const uint32_t streamId, const dmr::data::Data& data);
         /// <summary>Writes P25 LDU1 frame data to the network.</summary>