Fix assertion failure from arc4random_uniform with invalid limit

When the arc4random_uniform() is called on NetBSD with upper_bound that
makes no sense statistically (0 or 1), the call crashes the calling
program.  Fix this by returning 0 when upper bound is < 2 as does Linux,
FreeBSD and NetBSD.  (Hint: System CSPRNG should never crash.)

(cherry picked from commit 871bce312b651cebe2da9fcfc4688f3b49f6895c)

diff --git a/lib/isc/include/isc/random.h b/lib/isc/include/isc/random.h
index 78035fbe9a1a399e3ebb8f8424916d2dc17e75cd..3a23631baab8d3e230d62469f8e6b6269b6a905f 100644 (file)
--- a/lib/isc/include/isc/random.h
+++ b/lib/isc/include/isc/random.h
@@ -28,9 +28,10 @@
 ISC_LANG_BEGINDECLS
 
 #if HAVE_ARC4RANDOM && !defined(__linux__)
-#define isc_random32()                 arc4random()
-#define isc_random_buf(buf, buflen)    arc4random_buf(buf, buflen)
-#define isc_random_uniform(upper_bound) arc4random_uniform(upper_bound)
+#define isc_random32()             arc4random()
+#define isc_random_buf(buf, buflen) arc4random_buf(buf, buflen)
+#define isc_random_uniform(upper_bound) \
+       ((upper_bound) < 2 ? 0 : arc4random_uniform(upper_bound))
 #else /* HAVE_ARC4RANDOM && !defined(__linux__) */
 uint32_t
 isc_random32(void);