* [PATCH] ndp: Suppress Coverity false positive for random()
@ 2026-05-13 10:26 Laurent Vivier
0 siblings, 0 replies; only message in thread
From: Laurent Vivier @ 2026-05-13 10:26 UTC (permalink / raw)
To: passt-dev; +Cc: Laurent Vivier
Coverity flags the random() call in ndp_timer() with the dont_call
checker, warning that it should not be used for security-related
applications.
This is a false positive: random() is used here to jitter the interval
between unsolicited Router Advertisements as required by RFC 4861, to
prevent synchronisation between routers on a link. No cryptographic
strength is needed.
Suppress the warning with an inline Coverity annotation.
Signed-off-by: Laurent Vivier <lvivier@redhat.com>
---
ndp.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/ndp.c b/ndp.c
index 1f2bcb0cc7ea..614932ac5829 100644
--- a/ndp.c
+++ b/ndp.c
@@ -441,6 +441,7 @@ void ndp_timer(const struct ctx *c, const struct timespec *now)
* again, it's close enough for our purposes.
*/
interval = min_rtr_adv_interval +
+ /* coverity[dont_call:FALSE] */
random() % (max_rtr_adv_interval - min_rtr_adv_interval);
if (!next_ra)
--
2.54.0
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2026-05-13 10:26 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2026-05-13 10:26 [PATCH] ndp: Suppress Coverity false positive for random() Laurent Vivier
Code repositories for project(s) associated with this public inbox
https://passt.top/passt
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for IMAP folder(s).