clones/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2024-09-21 06:37:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

- Fix Bad Randomness in Seed, reported by X41 D-Sec.

Browse Source
This commit is contained in:
W.C.A. Wijngaards 2019-11-20 14:40:50 +01:00
parent 981fedea0e
commit da4d6ffee3
4 changed files with 1 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
daemon/daemon.c
View File

@ -250,8 +250,6 @@ daemon_init(void)
/* init timezone info while we are not chrooted yet */
tzset();
#endif
/* open /dev/urandom if needed */
ub_systemseed((unsigned)time(NULL)^(unsigned)getpid()^0xe67);
daemon->need_to_exit = 0;
modstack_init(&daemon->mods);
if(!(daemon->env = (struct module_env*)calloc(1,

1
doc/Changelog
View File

@ -37,6 +37,7 @@
- Fix Enum Name not Used, reported by X41 D-Sec.
- Fix NULL Pointer Dereference via Control Port,
reported by X41 D-Sec.
- Fix Bad Randomness in Seed, reported by X41 D-Sec.
19 November 2019: Wouter
- Fix CVE-2019-18934, shell execution in ipsecmod.

19
util/random.c
View File

@ -79,12 +79,6 @@
#define MAX_VALUE 0x7fffffff
#if defined(HAVE_SSL)
void
ub_systemseed(unsigned int ATTR_UNUSED(seed))
{
/* arc4random_uniform does not need seeds, it gets kernel entropy */
}
struct ub_randstate*
ub_initstate(struct ub_randstate* ATTR_UNUSED(from))
{
@ -118,10 +112,6 @@ struct ub_randstate {
int ready;
};
void ub_systemseed(unsigned int ATTR_UNUSED(seed))
{
}
struct ub_randstate* ub_initstate(struct ub_randstate* ATTR_UNUSED(from))
{
struct ub_randstate* s = (struct ub_randstate*)calloc(1, sizeof(*s));
@ -157,15 +147,6 @@ struct ub_randstate {
int seeded;
};
void ub_systemseed(unsigned int ATTR_UNUSED(seed))
{
/**
* We seed on init and not here, as we need the ctx to re-seed.
* This also means that re-seeding is not supported.
*/
log_err("Re-seeding not supported, generator untouched");
}
struct ub_randstate* ub_initstate(struct ub_randstate* ATTR_UNUSED(from))
{
struct ub_randstate* s = (struct ub_randstate*)calloc(1, sizeof(*s));

8
util/random.h
View File

@ -47,14 +47,6 @@
*/
struct ub_randstate;
/**
* Initialize the system randomness. Obtains entropy from the system
* before a chroot or privilege makes it unavailable.
* You do not have to call this, otherwise ub_initstate does so.
* @param seed: seed value to create state (if no good entropy is found).
*/
void ub_systemseed(unsigned int seed);
/**
* Initialize a random generator state for use
* @param from: if not NULL, the seed is taken from this random structure.