From: Ondřej Surý <ondrej@isc.org>
Date: Fri, 24 Oct 2025 08:34:33 +0000 (+0300)
Subject: Fix assertion failure from arc4random_uniform with invalid limit
X-Git-Tag: v9.21.15~37^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=871bce312b651cebe2da9fcfc4688f3b49f6895c;p=thirdparty%2Fbind9.git

Fix assertion failure from arc4random_uniform with invalid limit

When the arc4random_uniform() is called on NetBSD with upper_bound that
makes no sense statistically (0 or 1), the call crashes the calling
program.  Fix this by returning 0 when upper bound is < 2 as does Linux,
FreeBSD and NetBSD.  (Hint: System CSPRNG should never crash.)
---

diff --git a/lib/isc/include/isc/random.h b/lib/isc/include/isc/random.h
index efee399095e..757a6486a88 100644
--- a/lib/isc/include/isc/random.h
+++ b/lib/isc/include/isc/random.h
@@ -25,9 +25,10 @@
  */
 
 #if HAVE_ARC4RANDOM && !defined(__linux__)
-#define isc_random32()			arc4random()
-#define isc_random_buf(buf, buflen)	arc4random_buf(buf, buflen)
-#define isc_random_uniform(upper_bound) arc4random_uniform(upper_bound)
+#define isc_random32()		    arc4random()
+#define isc_random_buf(buf, buflen) arc4random_buf(buf, buflen)
+#define isc_random_uniform(upper_bound) \
+	((upper_bound) < 2 ? 0 : arc4random_uniform(upper_bound))
 #else /* HAVE_ARC4RANDOM && !defined(__linux__) */
 uint32_t
 isc_random32(void);