upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-06-16 02:58:52 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
bind9/lib/isc/include
History
Ondřej Surý d9b5ef3429
Use cryptographically-secure pseudo-random generator everywhere 
It was discovered in an upcoming academic paper that a xoshiro128**
internal state can be recovered by an external 3rd party allowing to
predict UDP ports and DNS IDs in the outgoing queries.  This could lead
to an attacker spoofing the DNS answers with great efficiency and
poisoning the DNS cache.

Change the internal random generator to system CSPRNG with buffering to
avoid excessive syscalls.

Thanks Omer Ben Simhon and Amit Klein of Hebrew University of Jerusalem
for responsibly reporting this to us.  Very cool research!

(cherry picked from commit cffcab9d5f)
2025-10-22 18:42:48 +02:00
..
isc Use cryptographically-secure pseudo-random generator everywhere 2025-10-22 18:42:48 +02:00
pk11 Reformat sources with up-to-date clang-format-17 2023-11-13 17:15:55 +01:00
pkcs11 Update clang to version 14 2022-06-16 18:11:03 +02:00
.clang-format Merge branch '46-enforce-clang-format-rules' into 'master' 2020-02-14 08:45:59 +00:00
Makefile.in Update the copyright information in all files in the repository 2022-01-11 12:22:09 +01:00