From: Pieter Lexis <pieter.lexis@powerdns.com>
Date: Tue, 4 Sep 2018 13:55:24 +0000 (+0200)
Subject: dns_random: Use uint32_t and not unsigned int
X-Git-Tag: auth-4.2.0-alpha1~17^2~7
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a49c8752db294dfe3eaff9665b5a15ee72d2f630;p=thirdparty%2Fpdns.git

dns_random: Use uint32_t and not unsigned int

Also, make sure the TSIG key generator will always fill up all the bits
in the key.
---

diff --git a/pdns/dns_random.cc b/pdns/dns_random.cc
index 4357af5625..7d5f7aa6ab 100644
--- a/pdns/dns_random.cc
+++ b/pdns/dns_random.cc
@@ -210,7 +210,7 @@ void dns_random_init(const string& data __attribute__((unused)), bool force) {
 }
 
 /* Parts of this code come from arc4random_uniform */
-unsigned int dns_random(unsigned int upper_bound) {
+uint32_t dns_random(uint32_t upper_bound) {
   if (chosen_rng == RNG_UNINITIALIZED)
     dns_random_setup();
 
@@ -241,7 +241,7 @@ unsigned int dns_random(unsigned int upper_bound) {
     throw std::runtime_error("Unreachable at " __FILE__ ":" + boost::lexical_cast<std::string>(__LINE__)); // cannot be reached
   case RNG_SODIUM:
 #if defined(HAVE_RANDOMBYTES_STIR) && !defined(USE_URANDOM_ONLY)
-    return static_cast<unsigned int>(randombytes_uniform(static_cast<uint32_t>(upper_bound)));
+    return randombytes_uniform(upper_bound);
 #else
     throw std::runtime_error("Unreachable at " __FILE__ ":" + boost::lexical_cast<std::string>(__LINE__)); // cannot be reached
 #endif /* RND_SODIUM */
@@ -271,7 +271,7 @@ unsigned int dns_random(unsigned int upper_bound) {
       }
   case RNG_ARC4RANDOM:
 #if defined(HAVE_ARC4RANDOM) && !defined(USE_URANDOM_ONLY)
-    return static_cast<unsigned int>(arc4random_uniform(static_cast<uint32_t>(upper_bound)));
+    return arc4random_uniform(upper_bound);
 #else
     throw std::runtime_error("Unreachable at " __FILE__ ":" + boost::lexical_cast<std::string>(__LINE__)); // cannot be reached
 #endif
diff --git a/pdns/dns_random.hh b/pdns/dns_random.hh
index c729da4bd0..ad163ee31c 100644
--- a/pdns/dns_random.hh
+++ b/pdns/dns_random.hh
@@ -21,8 +21,9 @@
  */
 #ifndef PDNS_DNS_RANDOM
 #define PDNS_DNS_RANDOM
+#include <cstdint>
 
 void dns_random_init(const std::string& data = "", bool force_reinit = false);
-unsigned int dns_random(unsigned int n);
+uint32_t dns_random(uint32_t n);
 
 #endif
diff --git a/pdns/tsigutils.cc b/pdns/tsigutils.cc
index 5559265486..20fb1c59ea 100644
--- a/pdns/tsigutils.cc
+++ b/pdns/tsigutils.cc
@@ -45,10 +45,19 @@ std::string makeTSIGKey(const DNSName& algorithm) {
     klen = 32;
   }
 
-  char tmpkey[64];
-  for (size_t i = 0; i < klen; i += 4) {
-    unsigned int t = dns_random(0xffffffff);
-    memcpy(tmpkey + i, &t, 4);
+  string tmpkey;
+  tmpkey.resize(klen);
+
+  for (size_t i = 0; i < klen; i += sizeof(uint32_t)) {
+    unsigned int t = dns_random(std::numeric_limits<uint32_t>::max());
+    memcpy(&tmpkey.at(i), &t, sizeof(uint32_t));
+    if (i + sizeof(uint32_t) > klen) {
+      size_t needed_bytes = klen - i;
+      for (size_t j = 0; j < needed_bytes; j++) {
+        uint8_t v = dns_random(0xff);
+        memcpy(&tmpkey.at(i + j), &v, sizeof(uint8_t));
+      }
+    }
   }
-  return Base64Encode(std::string(tmpkey, klen));
+  return Base64Encode(tmpkey);
 }