- Fix Randomness Error not Handled Properly,

author W.C.A. Wijngaards <wouter@nlnetlabs.nl>

Wed, 20 Nov 2019 10:35:07 +0000 (11:35 +0100)

committer W.C.A. Wijngaards <wouter@nlnetlabs.nl>

Wed, 20 Nov 2019 10:35:07 +0000 (11:35 +0100)
author W.C.A. Wijngaards <wouter@nlnetlabs.nl>
Wed, 20 Nov 2019 10:35:07 +0000 (11:35 +0100)
committer W.C.A. Wijngaards <wouter@nlnetlabs.nl>
Wed, 20 Nov 2019 10:35:07 +0000 (11:35 +0100)
diff --git a/doc/Changelog b/doc/Changelog

index cd1321578c4c2f4f43ec22b801a3437f20a54240..004cf014a3e8e6dd8e9aa977de880f765d6e80b9 100644 (file)
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -8,6 +8,8 @@
         - Adjust unbound-control to make stats_shm a read only operation.
         - Fix Weak Entropy Used For Nettle,
           reported by X41 D-Sec.
+       - Fix Randomness Error not Handled Properly,
+         reported by X41 D-Sec.
  
  19 November 2019: Wouter
         - Fix CVE-2019-18934, shell execution in ipsecmod.
diff --git a/util/random.c b/util/random.c

index 1bdad6894874163628c499ee5f031ad0ee84497c..bda6d5a6891694262bdcc640083f2d26de8d8f5f 100644 (file)
--- a/util/random.c
+++ b/util/random.c
@@ -138,7 +138,9 @@ long int ub_random(struct ub_randstate* ATTR_UNUSED(state))
         /* random 31 bit value. */
         SECStatus s = PK11_GenerateRandom((unsigned char*)&x, (int)sizeof(x));
         if(s != SECSuccess) {
-               log_err("PK11_GenerateRandom error: %s",
+               /* unbound needs secure randomness for randomized
+                * ID bits and port numbers in packets to upstream servers */
+               fatal_exit("PK11_GenerateRandom error: %s",
                         PORT_ErrorToString(PORT_GetError()));
         }
         return x & MAX_VALUE;
author	W.C.A. Wijngaards <wouter@nlnetlabs.nl>
	Wed, 20 Nov 2019 10:35:07 +0000 (11:35 +0100)
committer	W.C.A. Wijngaards <wouter@nlnetlabs.nl>
	Wed, 20 Nov 2019 10:35:07 +0000 (11:35 +0100)
doc/Changelog		patch \| blob \| blame \| history
util/random.c		patch \| blob \| blame \| history