1 /*
2 * Copyright (C) 2013 Red Hat, Inc.
3 *
4 * All rights reserved.
5 *
6 * Author: Jan Friesse <jfriesse@redhat.com>
7 *
8 * libqb is free software: you can redistribute it and/or modify
9 * it under the terms of the GNU Lesser General Public License as published by
10 * the Free Software Foundation, either version 2.1 of the License, or
11 * (at your option) any later version.
12 *
13 * libqb is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU Lesser General Public License for more details.
17 *
18 * You should have received a copy of the GNU Lesser General Public License
19 * along with libqb. If not, see <http://www.gnu.org/licenses/>.
20 */
21
22 #include <sys/types.h>
23
24 #include <assert.h>
25 #include <err.h>
26 #include <stdio.h>
27 #include <stdlib.h>
28 #include <string.h>
29 #include <time.h>
30 #include <unistd.h>
31
32 static void usage(void)
33 {
34 printf("Usage: [ -i input_file] [ -o output_file ] [ -n no_bytes]\n");
35 printf("Changes no_bytes (default 1024) in input_file (default = - = stdin) and store\n");
36 printf("result to output_file (default = - = stdout). It's possible to use same file\n");
37 printf("as both input and output\n");
38
39 exit(1);
40 }
41
42 static void init_rand(void) {
43 unsigned int init_v;
44
45 init_v = time(NULL) + getpid();
46
47 srand(init_v);
48 }
49
50 int main(int argc, char *argv[])
51 {
52 FILE *fi, *fo;
53 int i;
54 const char *input_file_name;
55 const char *output_file_name;
56 int no_bytes;
57 char *ep;
58 int ch;
59 unsigned char *data;
60 size_t data_size;
61 size_t data_pos;
62 size_t input_data_size;
63 unsigned char buf[1024];
64
65 input_file_name = "-";
66 output_file_name = "-";
67 no_bytes = 1024;
68
69 while ((ch = getopt(argc, argv, "hi:o:n:")) != -1) {
70 switch (ch) {
71 case 'i':
72 input_file_name = optarg;
73 break;
74 case 'n':
75 no_bytes = strtol(optarg, &ep, 10);
76 if (no_bytes < 0 || *ep != '\0') {
77 warnx("illegal number -- %s", argv[2]);
78 usage();
79 }
80 break;
81 case 'o':
82 output_file_name = optarg;
83 break;
84 case 'h':
85 case '?':
86 default:
87 usage();
88 /* NOTREACHED */
89 }
90 }
91
92 if (strcmp(input_file_name, "-") == 0) {
93 fi = stdin;
94 } else {
95 fi = fopen(input_file_name, "rb");
96 if (fi == NULL) {
97 err(1, "%s", input_file_name);
98 }
99 }
100
101 /*
102 * Open and fully read input file
103 */
104 data = NULL;
105 data_size = 0;
106 data_pos = 0;
107 while ((input_data_size = fread(buf, 1, sizeof(buf), fi)) != 0) {
108 if (data_pos + input_data_size >= data_size) {
109 data_size = (data_size + input_data_size) * 2;
110 assert((data = realloc(data, data_size)) != NULL);
111 }
112 memcpy(data + data_pos, buf, input_data_size);
113 data_pos += input_data_size;
114 }
115 fclose(fi);
116
117 /*
118 * Change bytes
119 */
120 init_rand();
121
122 for (i = 0; i < no_bytes; i++) {
|
(1) Event dont_call: |
"rand" should not be used for security-related applications, because linear congruential algorithms are too easy to break. |
|
(2) Event remediation: |
Use a compliant random number generator, such as "/dev/random" or "/dev/urandom" on Unix-like systems, and CNG (Cryptography API: Next Generation) on Windows. |
123 data[rand() % data_pos] = rand();
124 }
125
126 /*
127 * Fully write ouput file
128 */
129 if (strcmp(output_file_name, "-") == 0) {
130 fo = stdout;
131 } else {
132 fo = fopen(output_file_name, "wb");
133 if (fo == NULL) {
134 err(1, "%s", output_file_name);
135 }
136 }
137 assert(fwrite(data, 1, data_pos, fo) == data_pos);
138 fclose(fo);
139
140 free(data);
141
142 return (0);
143 }
144