upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-05-26 11:22:52 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
bind9/tests
History
Ondřej Surý 2924910eee
Use cryptographically-secure pseudo-random generator everywhere 
It was discovered in an upcoming academic paper that a xoshiro128**
internal state can be recovered by an external 3rd party allowing to
predict UDP ports and DNS IDs in the outgoing queries.  This could lead
to an attacker spoofing the DNS answers with great efficiency and
poisoning the DNS cache.

Change the internal random generator to system CSPRNG with buffering to
avoid excessive syscalls.

Thanks Omer Ben Simhon and Amit Klein of Hebrew University of Jerusalem
for responsibly reporting this to us.  Very cool research!

(cherry picked from commit cffcab9d5f)
2025-10-02 13:49:33 +02:00
..
bench Use clang-format-20 to update formatting 2025-06-25 13:32:08 +10:00
dns Fix dns_qpmulti_memusage() on empty dns_qpmulti_t instance 2025-09-17 14:01:44 +02:00
include/tests Extend ISC_TEST_MAIN for debugging 2024-08-22 11:34:42 +10:00
isc Use cryptographically-secure pseudo-random generator everywhere 2025-10-02 13:49:33 +02:00
isccfg Add none parameter to query-source and query-source-v6 to disable IPv4 or IPv6 upstream queries 2024-12-10 11:58:20 +01:00
libtest Rename 'free' variable to 'nfree' to not clash with free() 2025-07-22 14:28:15 +02:00
ns wrap ns_client_error() for unit testing 2025-02-26 00:55:51 +00:00
.gitignore Move all the unit tests to /tests/<libname>/ 2022-05-28 14:53:02 -07:00
Makefile.am Move resconf_test.c to tests/dns and cleanup 2024-12-12 22:50:22 +00:00
unit-test-driver.sh.in Reformat shell scripts with shfmt 2023-10-26 10:23:50 +02:00