From: W.C.A. Wijngaards Date: Wed, 20 Nov 2019 13:40:50 +0000 (+0100) Subject: - Fix Bad Randomness in Seed, reported by X41 D-Sec. X-Git-Tag: release-1.9.6rc1~33 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=da4d6ffee31a3ad44bff214da962f7a7e4fbf7df;p=thirdparty%2Funbound.git - Fix Bad Randomness in Seed, reported by X41 D-Sec. --- diff --git a/daemon/daemon.c b/daemon/daemon.c index a407800b5..0b1200a2e 100644 --- a/daemon/daemon.c +++ b/daemon/daemon.c @@ -250,8 +250,6 @@ daemon_init(void) /* init timezone info while we are not chrooted yet */ tzset(); #endif - /* open /dev/urandom if needed */ - ub_systemseed((unsigned)time(NULL)^(unsigned)getpid()^0xe67); daemon->need_to_exit = 0; modstack_init(&daemon->mods); if(!(daemon->env = (struct module_env*)calloc(1, diff --git a/doc/Changelog b/doc/Changelog index 75fb6a4ca..a92870553 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -37,6 +37,7 @@ - Fix Enum Name not Used, reported by X41 D-Sec. - Fix NULL Pointer Dereference via Control Port, reported by X41 D-Sec. + - Fix Bad Randomness in Seed, reported by X41 D-Sec. 19 November 2019: Wouter - Fix CVE-2019-18934, shell execution in ipsecmod. diff --git a/util/random.c b/util/random.c index bda6d5a68..bb564f2f9 100644 --- a/util/random.c +++ b/util/random.c @@ -79,12 +79,6 @@ #define MAX_VALUE 0x7fffffff #if defined(HAVE_SSL) -void -ub_systemseed(unsigned int ATTR_UNUSED(seed)) -{ - /* arc4random_uniform does not need seeds, it gets kernel entropy */ -} - struct ub_randstate* ub_initstate(struct ub_randstate* ATTR_UNUSED(from)) { @@ -118,10 +112,6 @@ struct ub_randstate { int ready; }; -void ub_systemseed(unsigned int ATTR_UNUSED(seed)) -{ -} - struct ub_randstate* ub_initstate(struct ub_randstate* ATTR_UNUSED(from)) { struct ub_randstate* s = (struct ub_randstate*)calloc(1, sizeof(*s)); 
@@ -157,15 +147,6 @@ struct ub_randstate {
 int seeded;
 };
-void ub_systemseed(unsigned int ATTR_UNUSED(seed))
-{
-/**
- * We seed on init and not here, as we need the ctx to re-seed.
- * This also means that re-seeding is not supported.
- */
- log_err("Re-seeding not supported, generator untouched");
-}
-
 struct ub_randstate* ub_initstate(struct ub_randstate* ATTR_UNUSED(from))
 {
 struct ub_randstate* s = (struct ub_randstate*)calloc(1, sizeof(*s));
diff --git a/util/random.h b/util/random.h
index e75157d38..b257793a4 100644
--- a/util/random.h
+++ b/util/random.h
@@ -47,14 +47,6 @@
 */
 struct ub_randstate;
-/**
- * Initialize the system randomness. Obtains entropy from the system
- * before a chroot or privilege makes it unavailable.
- * You do not have to call this, otherwise ub_initstate does so.
- * @param seed: seed value to create state (if no good entropy is found).
- */
-void ub_systemseed(unsigned int seed);
-
 /**
 * Initialize a random generator state for use
 * @param from: if not NULL, the seed is taken from this random structure.