upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-05-26 11:22:52 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
bind9/tests
History
Ondřej Surý 8330b49fb9
Use cryptographically-secure pseudo-random generator everywhere 
It was discovered in an upcoming academic paper that a xoshiro128**
internal state can be recovered by an external 3rd party allowing to
predict UDP ports and DNS IDs in the outgoing queries.  This could lead
to an attacker spoofing the DNS answers with great efficiency and
poisoning the DNS cache.

Change the internal random generator to system CSPRNG with buffering to
avoid excessive syscalls.

Thanks Omer Ben Simhon and Amit Klein of Hebrew University of Jerusalem
for responsibly reporting this to us.  Very cool research!

(cherry picked from commit cffcab9d5f)
2025-10-02 13:53:14 +02:00
..
dns Add tests for BRID and HHIT 2025-09-03 11:10:52 +10:00
include/tests Extend ISC_TEST_MAIN for debugging 2024-08-22 06:04:59 +00:00
irs Check that nameservers are parsed correctly 2024-12-13 10:27:22 +11:00
isc Use cryptographically-secure pseudo-random generator everywhere 2025-10-02 13:53:14 +02:00
isccfg Remove redundant parentheses from the return statement 2024-11-19 16:06:16 +01:00
libtest Drop superfluous isc_mem_get() NULL check 2024-12-13 14:54:48 +01:00
ns wrap ns_client_error() for unit testing 2025-02-25 16:23:14 -08:00
.gitignore Move all the unit tests to /tests/<libname>/ 2022-05-31 12:06:00 +02:00
Makefile.am Stop the unit tests from running twice 2022-05-31 12:06:00 +02:00
unit-test-driver.sh.in Reformat shell scripts with shfmt 2023-10-26 13:05:00 +02:00