bind9/lib/isc
Ondřej Surý 8330b49fb9
Use cryptographically-secure pseudo-random generator everywhere
It was discovered in an upcoming academic paper that a xoshiro128**
internal state can be recovered by an external 3rd party, allowing them to
predict UDP ports and DNS IDs in the outgoing queries.  This could lead
to an attacker spoofing the DNS answers with great efficiency and
poisoning the DNS cache.

Change the internal random generator to the system CSPRNG with buffering to
avoid excessive syscalls.

Thanks Omer Ben Simhon and Amit Klein of Hebrew University of Jerusalem
for responsibly reporting this to us.  Very cool research!

(cherry picked from commit cffcab9d5f)
2025-10-02 13:53:14 +02:00
include Use cryptographically-secure pseudo-random generator everywhere 2025-10-02 13:53:14 +02:00
netmgr TLS DNS: Simplify tls_cycle_input() 2025-03-24 09:49:38 +02:00
.gitignore [master] update gitignore files; use rev-parse to get srcid 2014-06-17 13:49:30 -07:00
aes.c Remove EVP_CIPHER_CTX_new() and EVP_CIPHER_CTX_free() shims 2022-03-02 10:49:47 +00:00
app.c Remove redundant parentheses from the return statement 2024-11-19 16:06:16 +01:00
assertions.c Remove redundant parentheses from the return statement 2024-11-19 16:06:16 +01:00
astack.c Remove redundant parentheses from the return statement 2024-11-19 16:06:16 +01:00
backtrace.c Remove redundant parentheses from the return statement 2024-11-19 16:06:16 +01:00
base32.c Remove redundant parentheses from the return statement 2024-11-19 16:06:16 +01:00
base64.c Remove redundant parentheses from the return statement 2024-11-19 16:06:16 +01:00
buffer.c Remove redundant parentheses from the return statement 2024-11-19 16:06:16 +01:00
commandline.c Remove redundant parentheses from the return statement 2024-11-19 16:06:16 +01:00
condition.c Remove redundant parentheses from the return statement 2024-11-19 16:06:16 +01:00
counter.c Implement global limit for outgoing queries 2024-12-06 15:17:53 +00:00
crc64.c Update the copyright information in all files in the repository 2022-01-11 09:05:02 +01:00
dir.c Remove redundant parentheses from the return statement 2024-11-19 16:06:16 +01:00
entropy.c De-duplicate __FILE__, __LINE__ 2022-10-17 16:00:26 +01:00
entropy_private.h Update the copyright information in all files in the repository 2022-01-11 09:05:02 +01:00
errno.c Remove redundant parentheses from the return statement 2024-11-19 16:06:16 +01:00
errno2result.c Remove redundant parentheses from the return statement 2024-11-19 16:06:16 +01:00
errno2result.h Update the copyright information in all files in the repository 2022-01-11 09:05:02 +01:00
error.c Include the function name when reporting unexpected errors 2022-10-17 16:00:27 +01:00
event.c Remove redundant parentheses from the return statement 2024-11-19 16:06:16 +01:00
file.c Remove redundant parentheses from the return statement 2024-11-19 16:06:16 +01:00
glob.c Remove redundant parentheses from the return statement 2024-11-19 16:06:16 +01:00
hash.c Remove redundant parentheses from the return statement 2024-11-19 16:06:16 +01:00
heap.c Remove redundant parentheses from the return statement 2024-11-19 16:06:16 +01:00
hex.c Remove redundant parentheses from the return statement 2024-11-19 16:06:16 +01:00
hmac.c Remove redundant parentheses from the return statement 2024-11-19 16:06:16 +01:00
ht.c Remove redundant parentheses from the return statement 2024-11-19 16:06:16 +01:00
httpd.c Remove redundant parentheses from the return statement 2024-11-19 16:06:16 +01:00
interfaceiter.c Remove redundant parentheses from the return statement 2024-11-19 16:06:16 +01:00
iterated_hash.c Remove redundant parentheses from the return statement 2024-11-19 16:06:16 +01:00
jemalloc_shim.h Remove redundant parentheses from the return statement 2024-11-19 16:06:16 +01:00
lex.c Remove redundant parentheses from the return statement 2024-11-19 16:06:16 +01:00
lib.c remove isc_bind9 variable 2023-02-09 10:07:39 -08:00
log.c Remove redundant parentheses from the return statement 2024-11-19 16:06:16 +01:00
Makefile.am Replace isc_fsaccess API with more secure file creation 2023-03-31 16:47:15 +02:00
managers.c Remove redundant parentheses from the return statement 2024-11-19 16:06:16 +01:00
md.c Remove redundant parentheses from the return statement 2024-11-19 16:06:16 +01:00
mem.c Use clang-format-20 to update formatting 2025-06-25 13:59:44 +10:00
mem_p.h Improve stability of the jemalloc workaround 2023-11-01 18:04:07 +01:00
meminfo.c Remove redundant parentheses from the return statement 2024-11-19 16:06:16 +01:00
mutex.c Remove redundant parentheses from the return statement 2024-11-19 16:06:16 +01:00
mutexblock.c Update the copyright information in all files in the repository 2022-01-11 09:05:02 +01:00
net.c Remove redundant parentheses from the return statement 2024-11-19 16:06:16 +01:00
netaddr.c Reduce sizeof isc_sockaddr from 152 to 48 bytes 2025-01-22 14:12:38 +01:00
netmgr_p.h Update the copyright information in all files in the repository 2022-01-11 09:05:02 +01:00
netscope.c Remove redundant parentheses from the return statement 2024-11-19 16:06:16 +01:00
nonce.c Update the copyright information in all files in the repository 2022-01-11 09:05:02 +01:00
openssl_shim.c Remove redundant parentheses from the return statement 2024-11-19 16:06:16 +01:00
openssl_shim.h Remove unused <openssl/{hmac,engine}.h> headers from OpenSSL shims 2024-10-18 01:29:27 +00:00
os.c Use ControlStatementsExceptControlMacros for SpaceBeforeParens 2025-08-19 08:10:58 +02:00
os_p.h Update the copyright information in all files in the repository 2022-01-11 09:05:02 +01:00
parseint.c Remove redundant parentheses from the return statement 2024-11-19 16:06:16 +01:00
picohttpparser.c Use ControlStatementsExceptControlMacros for SpaceBeforeParens 2025-08-19 08:10:58 +02:00
picohttpparser.h Update picohttpparser.{c,h} with upstream repository 2024-12-08 12:30:11 +00:00
pool.c Remove redundant parentheses from the return statement 2024-11-19 16:06:16 +01:00
portset.c Remove redundant parentheses from the return statement 2024-11-19 16:06:16 +01:00
quota.c Fix memory ordering for operations with quota->used and quota->waiting 2025-03-04 09:57:34 +00:00
radix.c Use clang-format-20 to update formatting 2025-06-25 13:59:44 +10:00
random.c Use cryptographically-secure pseudo-random generator everywhere 2025-10-02 13:53:14 +02:00
ratelimiter.c Remove redundant parentheses from the return statement 2024-11-19 16:06:16 +01:00
regex.c Remove redundant parentheses from the return statement 2024-11-19 16:06:16 +01:00
region.c Remove redundant parentheses from the return statement 2024-11-19 16:06:16 +01:00
resource.c Remove redundant parentheses from the return statement 2024-11-19 16:06:16 +01:00
result.c Use clang-format-20 to update formatting 2025-06-25 13:59:44 +10:00
rwlock.c Use clang-format-20 to update formatting 2025-06-25 13:59:44 +10:00
safe.c Remove redundant parentheses from the return statement 2024-11-19 16:06:16 +01:00
serial.c Remove redundant parentheses from the return statement 2024-11-19 16:06:16 +01:00
siphash.c Accept 'in=NULL' with 'inlen=0' in isc_{half}siphash24 2023-01-10 18:36:08 +11:00
sockaddr.c Reduce sizeof isc_sockaddr from 152 to 48 bytes 2025-01-22 14:12:38 +01:00
stats.c Remove redundant parentheses from the return statement 2024-11-19 16:06:16 +01:00
stdio.c Remove redundant parentheses from the return statement 2024-11-19 16:06:16 +01:00
stdtime.c Remove redundant parentheses from the return statement 2024-11-19 16:06:16 +01:00
string.c Use ControlStatementsExceptControlMacros for SpaceBeforeParens 2025-08-19 08:10:58 +02:00
symtab.c Remove redundant parentheses from the return statement 2024-11-19 16:06:16 +01:00
syslog.c Remove redundant parentheses from the return statement 2024-11-19 16:06:16 +01:00
task.c Remove redundant parentheses from the return statement 2024-11-19 16:06:16 +01:00
task_p.h Update the copyright information in all files in the repository 2022-01-11 09:05:02 +01:00
taskpool.c Remove redundant parentheses from the return statement 2024-11-19 16:06:16 +01:00
thread.c Remove redundant #include <isc/strerr.h> 2022-10-17 16:08:28 +01:00
time.c Remove redundant parentheses from the return statement 2024-11-19 16:06:16 +01:00
timer.c Remove redundant parentheses from the return statement 2024-11-19 16:06:16 +01:00
timer_p.h Update the copyright information in all files in the repository 2022-01-11 09:05:02 +01:00
tls.c Provide more visibility into configuration errors 2024-11-26 12:24:41 +11:00
tls_p.h Update the copyright information in all files in the repository 2022-01-11 09:05:02 +01:00
tm.c Remove redundant parentheses from the return statement 2024-11-19 16:06:16 +01:00
trampoline.c Remove redundant parentheses from the return statement 2024-11-19 16:06:16 +01:00
trampoline_p.h Update the copyright information in all files in the repository 2022-01-11 09:05:02 +01:00
url.c Remove redundant parentheses from the return statement 2024-11-19 16:06:16 +01:00
utf8.c Remove redundant parentheses from the return statement 2024-11-19 16:06:16 +01:00