MSC30-C. Do not use the rand function

The C Standard function rand (available in stdlib.h) does not have good random number properties. The numbers generated by rand have a comparatively short cycle, and the numbers may be predictable.

Non-Compliant Code Example

The following code generates an ID with a numeric part produced by calling the rand() function. The IDs produced will be predictable and have limited randomness.

enum {len = 12};
char id[len];  // id will hold the ID, starting with the characters "ID"
               // followed by a random integer
int r;
int num;
...
r = rand();  // generate a random integer
num = snprintf(id, len, "ID%-d", r);  // generate the ID
...

Compliant Solution

A better pseudo random number generator is the BSD function random.

enum {len = 12};
char id[len];  // id will hold the ID, starting with the characters "ID"
               // followed by a random integer
int r;
int num;
...
srandom(time(0));  // seed the PRNG with the current time
...
r = random();  // generate a random integer
num = snprintf(id, len, "ID%-d", r);  // generate the ID
...

The rand48 family of functions provides another alternative.

Note. These pseudo random number generators use mathematical algorithms to produce a sequence of numbers with good statistical properties, but the numbers produced are not genuinely random. For true randomness, Linux users can use the character devices /dev/random or /dev/urandom, but it is advisable to retrieve only a small number of characters from these devices. (The device /dev/random may block for a long time if there are not enough events going on to generate sufficient randomness; /dev/urandom does not block.)

Risk Assessment

Using the rand function may lead to programming problems (for example, non-unique unique IDs) or weak cryptography.

Examples of vulnerabilities resulting from the violation of this rule can be found on the CERTwebsite.

References

[[ISO/IEC 9899-1999]] Section 7.20.2.1, "The rand function"