- Fix Randomness Error not Handled Properly,

reported by X41 D-Sec.
2026-01-28 09:29:20 -05:00 · 2019-11-20 11:35:07 +01:00 · 2019-11-20 11:35:07 +01:00 · 7646c96259
commit 7646c96259
parent d8809c672a
2 changed files with 5 additions and 1 deletions
--- a/doc/Changelog
+++ b/doc/Changelog
@ -8,6 +8,8 @@
 	- Adjust unbound-control to make stats_shm a read only operation.
 	- Fix Weak Entropy Used For Nettle,
 	  reported by X41 D-Sec.
+	- Fix Randomness Error not Handled Properly,
+	  reported by X41 D-Sec.

 19 November 2019: Wouter
 	- Fix CVE-2019-18934, shell execution in ipsecmod.
--- a/util/random.c
+++ b/util/random.c
@ -138,7 +138,9 @@ long int ub_random(struct ub_randstate* ATTR_UNUSED(state))
 	/* random 31 bit value. */
 	SECStatus s = PK11_GenerateRandom((unsigned char*)&x, (int)sizeof(x));
 	if(s != SECSuccess) {
-		log_err("PK11_GenerateRandom error: %s",
+		/* unbound needs secure randomness for randomized
+		 * ID bits and port numbers in packets to upstream servers */
+		fatal_exit("PK11_GenerateRandom error: %s",
 			PORT_ErrorToString(PORT_GetError()));
 	}
 	return x & MAX_VALUE;