From 7646c9625974ab6b3037baf56c9b6a41efd6356f Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Wed, 20 Nov 2019 11:35:07 +0100 Subject: [PATCH] - Fix Randomness Error not Handled Properly, reported by X41 D-Sec. --- doc/Changelog | 2 ++ util/random.c | 4 +++- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/doc/Changelog b/doc/Changelog index cd1321578..004cf014a 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -8,6 +8,8 @@ - Adjust unbound-control to make stats_shm a read only operation. - Fix Weak Entropy Used For Nettle, reported by X41 D-Sec. + - Fix Randomness Error not Handled Properly, + reported by X41 D-Sec. 19 November 2019: Wouter - Fix CVE-2019-18934, shell execution in ipsecmod. diff --git a/util/random.c b/util/random.c index 1bdad6894..bda6d5a68 100644 --- a/util/random.c +++ b/util/random.c @@ -138,7 +138,9 @@ long int ub_random(struct ub_randstate* ATTR_UNUSED(state)) /* random 31 bit value. */ SECStatus s = PK11_GenerateRandom((unsigned char*)&x, (int)sizeof(x)); if(s != SECSuccess) { - log_err("PK11_GenerateRandom error: %s", + /* unbound needs secure randomness for randomized + * ID bits and port numbers in packets to upstream servers */ + fatal_exit("PK11_GenerateRandom error: %s", PORT_ErrorToString(PORT_GetError())); } return x & MAX_VALUE; -- 2.47.3
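Review bot: The fail-closed behaviour in the `if(s != SECSuccess)` branch depends on `fatal_exit` never returning, because the statement after the branch is still `return x & MAX_VALUE;` on an `x` that PK11_GenerateRandom did not fill. The definition of fatal_exit is outside this hunk, so confirm it is declared noreturn or exits on every path; ending the new comment with `* fatal_exit does not return, so x is never used unfilled */` would make that dependency explicit. Terminating the process on an RNG error is also an availability trade-off, so this exit message should be something operators alert on rather than a restart that goes unnoticed. Only the NSS branch is visible here; any other RNG backends in util/random.c (the changelog context mentions Nettle) should be checked to fail closed in the same way. The body of ub_random starts and ends outside the hunk.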