Fix assertion failure from arc4random_uniform with invalid limit

When the arc4random_uniform() is called on NetBSD with upper_bound that
makes no sense statistically (0 or 1), the call crashes the calling
program.  Fix this by returning 0 when upper bound is < 2 as does Linux,
FreeBSD and NetBSD.  (Hint: System CSPRNG should never crash.)

diff --git a/lib/isc/include/isc/random.h b/lib/isc/include/isc/random.h
index efee399095ed48dd64e538045acb1f0c643f464f..757a6486a8825fb08b68d09b6c2725038557b76e 100644 (file)
--- a/lib/isc/include/isc/random.h
+++ b/lib/isc/include/isc/random.h
@@ -25,9 +25,10 @@
  */
 
 #if HAVE_ARC4RANDOM && !defined(__linux__)
-#define isc_random32()                 arc4random()
-#define isc_random_buf(buf, buflen)    arc4random_buf(buf, buflen)
-#define isc_random_uniform(upper_bound) arc4random_uniform(upper_bound)
+#define isc_random32()             arc4random()
+#define isc_random_buf(buf, buflen) arc4random_buf(buf, buflen)
+#define isc_random_uniform(upper_bound) \
+       ((upper_bound) < 2 ? 0 : arc4random_uniform(upper_bound))
 #else /* HAVE_ARC4RANDOM && !defined(__linux__) */
 uint32_t
 isc_random32(void);