From: W.C.A. Wijngaards <wouter@nlnetlabs.nl>
Date: Wed, 20 Nov 2019 10:35:07 +0000 (+0100)
Subject: - Fix Randomness Error not Handled Properly,
X-Git-Tag: release-1.9.6rc1~51
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7646c9625974ab6b3037baf56c9b6a41efd6356f;p=thirdparty%2Funbound.git

- Fix Randomness Error not Handled Properly,
  reported by X41 D-Sec.
---

diff --git a/doc/Changelog b/doc/Changelog
index cd1321578..004cf014a 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -8,6 +8,8 @@
 	- Adjust unbound-control to make stats_shm a read only operation.
 	- Fix Weak Entropy Used For Nettle,
 	  reported by X41 D-Sec.
+	- Fix Randomness Error not Handled Properly,
+	  reported by X41 D-Sec.
 
 19 November 2019: Wouter
 	- Fix CVE-2019-18934, shell execution in ipsecmod.
diff --git a/util/random.c b/util/random.c
index 1bdad6894..bda6d5a68 100644
--- a/util/random.c
+++ b/util/random.c
@@ -138,7 +138,9 @@ long int ub_random(struct ub_randstate* ATTR_UNUSED(state))
 	/* random 31 bit value. */
 	SECStatus s = PK11_GenerateRandom((unsigned char*)&x, (int)sizeof(x));
 	if(s != SECSuccess) {
-		log_err("PK11_GenerateRandom error: %s",
+		/* unbound needs secure randomness for randomized
+		 * ID bits and port numbers in packets to upstream servers */
+		fatal_exit("PK11_GenerateRandom error: %s",
 			PORT_ErrorToString(PORT_GetError()));
 	}
 	return x & MAX_VALUE;