Replace almost all occurences of random() by dns_random().

Exceptions are the ones in misc.cc, because they introduce a
dependency to libsodium and/or librypto, which is not wanted in
dnsdist.

The calls in misc,.cc are not security-sensitive so it is not a big
deal to use a deterministic PRNG there.  Also, improve Utility::srandom()
a bit and call it in the recursor.

diff --git a/pdns/calidns.cc b/pdns/calidns.cc
index a82a4fc03d94c851e43b4a739c1a7b7bbbdbccda..f2c8bb0a302f02eca6dba6151ce3bfba964721aa 100644 (file)
--- a/pdns/calidns.cc
+++ b/pdns/calidns.cc
@@ -377,7 +377,7 @@ try
 
     DNSPacketWriter pw(packet, DNSName(qname), DNSRecordContent::TypeToNumber(qtype));
     pw.getHeader()->rd=wantRecursion;
-    pw.getHeader()->id=random();
+    pw.getHeader()->id=dns_random(UINT16_MAX);
 
     if(!subnet.empty() || !ecsRange.empty()) {
       EDNSSubnetOpts opt;
@@ -454,7 +454,7 @@ try
       known.push_back(ptr);
     }
     for(;n < total; ++n) {
-      toSend.push_back(known[random()%known.size()].get());
+      toSend.push_back(known[dns_random(known.size())].get());
     }
     random_shuffle(toSend.begin(), toSend.end());
     g_recvcounter.store(0);

diff --git a/pdns/common_startup.cc b/pdns/common_startup.cc
index 8f61cc4265b49d7b507fad7073a4cf57d48eaf06..0c77d57880fe235ae8b0c6b0c93c5668bb28ea97 100644 (file)
--- a/pdns/common_startup.cc
+++ b/pdns/common_startup.cc
@@ -496,7 +496,7 @@ static void triggerLoadOfLibraries()
 
 void mainthread()
 {
-   Utility::srandom(time(0) ^ getpid());
+   Utility::srandom();
 
    int newgid=0;
    if(!::arg()["setgid"].empty()) 

diff --git a/pdns/ixfrdist.cc b/pdns/ixfrdist.cc
index 1ba8ffed0c0213ca501fbb887e5c0e65b2777cc7..3a0c443ac08ff08c926d13bd6bc762544be9fc77 100644 (file)
--- a/pdns/ixfrdist.cc
+++ b/pdns/ixfrdist.cc
@@ -343,7 +343,7 @@ void updateThread(const string& workdir, const uint16_t& keep, const uint16_t& a
 
       // TODO Keep track of 'down' masters
       set<ComboAddress>::const_iterator it(domainConfig.second.masters.begin());
-      std::advance(it, random() % domainConfig.second.masters.size());
+      std::advance(it, dns_random(domainConfig.second.masters.size()));
       ComboAddress master = *it;
 
       string dir = workdir + "/" + domain.toString();

diff --git a/pdns/lua-record.cc b/pdns/lua-record.cc
index ce9327d5348823858f9e4da59bf39cc9cb465d51..34c09dd8ca5907d49f992b4ec40e3fa162472ab7 100644 (file)
--- a/pdns/lua-record.cc
+++ b/pdns/lua-record.cc
@@ -852,7 +852,7 @@ std::vector<shared_ptr<DNSRecordContent>> luaSynth(const std::string& code, cons
         for(const auto& nmpair : netmasks) {
           Netmask nm(nmpair.second);
           if(nm.match(bestwho)) {
-            return destinations[random() % destinations.size()].second;
+            return destinations[dns_random(destinations.size())].second;
           }
         }
       }

diff --git a/pdns/pdns_recursor.cc b/pdns/pdns_recursor.cc
index f4842e9e7c8d02d104872d64e5f2aecb73e18565..15e9f7a1631979ebae86fdc62463ee976a2086c9 100644 (file)
--- a/pdns/pdns_recursor.cc
+++ b/pdns/pdns_recursor.cc
@@ -4158,6 +4158,7 @@ int main(int argc, char **argv)
   g_argc = argc;
   g_argv = argv;
   g_stats.startupTime=time(0);
+  Utility::srandom();
   versionSetProduct(ProductRecursor);
   reportBasicTypes();
   reportOtherTypes();

diff --git a/pdns/pdnsutil.cc b/pdns/pdnsutil.cc
index 27614fd0c98130c8c62fa61cd1e83a21d68e3ed6..2dbcce04975cc6413d0d7545c1f29e104798eccd 100644 (file)
--- a/pdns/pdnsutil.cc
+++ b/pdns/pdnsutil.cc
@@ -200,7 +200,7 @@ void dbBench(const std::string& fname)
   dt.set();
   unsigned int hits=0, misses=0;
   for(; n < 10000; ++n) {
-    DNSName domain(domains[random() % domains.size()]);
+    DNSName domain(domains[dns_random(domains.size())]);
     B.lookup(QType(QType::NS), domain);
     while(B.get(rr)) {
       hits++;
@@ -1319,7 +1319,7 @@ void testSpeed(DNSSECKeeper& dk, const DNSName& zone, const string& remote, int
   DTime dt;
   dt.set();
   for(unsigned int n=0; n < 100000; ++n) {
-    rnd = random();
+    rnd = dns_random(UINT32_MAX);
     snprintf(tmp, sizeof(tmp), "%d.%d.%d.%d", 
       octets[0], octets[1], octets[2], octets[3]);
     rr.content=tmp;

diff --git a/pdns/test-recpacketcache_cc.cc b/pdns/test-recpacketcache_cc.cc
index 365187108d41faa60fc8def77faa93259d5aa699..5caccd0d1fdcaa0871f916ea4d7256e0e8935241 100644 (file)
--- a/pdns/test-recpacketcache_cc.cc
+++ b/pdns/test-recpacketcache_cc.cc
@@ -29,7 +29,7 @@ BOOST_AUTO_TEST_CASE(test_recPacketCacheSimple) {
   DNSPacketWriter pw(packet, qname, QType::A);
   pw.getHeader()->rd=true;
   pw.getHeader()->qr=false;
-  pw.getHeader()->id=random();
+  pw.getHeader()->id=dns_random(UINT16_MAX);
   string qpacket((const char*)&packet[0], packet.size());
   pw.startRecord(qname, QType::A, ttd);
 
@@ -68,7 +68,7 @@ BOOST_AUTO_TEST_CASE(test_recPacketCacheSimple) {
 
   pw2.getHeader()->rd=true;
   pw2.getHeader()->qr=false;
-  pw2.getHeader()->id=random();
+  pw2.getHeader()->id=dns_random(UINT16_MAX);
   qpacket.assign((const char*)&packet[0], packet.size());
 
   found = rpc.getResponsePacket(tag, qpacket, time(nullptr), &fpacket, &age, &qhash);
@@ -101,7 +101,7 @@ BOOST_AUTO_TEST_CASE(test_recPacketCache_Tags) {
   DNSPacketWriter pw(packet, qname, QType::A);
   pw.getHeader()->rd=true;
   pw.getHeader()->qr=false;
-  pw.getHeader()->id=random();
+  pw.getHeader()->id=dns_random(UINT16_MAX);
   string qpacket(reinterpret_cast<const char*>(&packet[0]), packet.size());
   pw.startRecord(qname, QType::A, ttd);
 

diff --git a/pdns/unix_utility.cc b/pdns/unix_utility.cc
index 9c9af5283d2437a24af4c5714385bfae812a3a84..6e5d817a09d3e81016ffcc3b3d691acfae617408 100644 (file)
--- a/pdns/unix_utility.cc
+++ b/pdns/unix_utility.cc
@@ -213,9 +213,11 @@ int Utility::makeUidNumeric(const string &username)
 }
 
 // Sets the random seed.
-void Utility::srandom( unsigned int seed )
+void Utility::srandom(void)
 {
-  ::srandom(seed);
+  struct timeval tv;
+  gettimeofday(&tv, 0);
+  ::srandom(tv.tv_sec ^ tv.tv_usec ^ getpid());
 }
 
 // Writes a vector.

diff --git a/pdns/utility.hh b/pdns/utility.hh
index 7ba9b2fd353edc69d980a6e146f10c97316fff0c..024fc089fb111a5b6f66f239e60d2f32ebb39cca 100644 (file)
--- a/pdns/utility.hh
+++ b/pdns/utility.hh
@@ -130,8 +130,8 @@ public:
   static int writev( Utility::sock_t socket, const iovec *vector, size_t count );
 
   //! Sets the random seed.
-  static void srandom( unsigned int seed );
-  
+  static void srandom(void);
+
   //! Drops the program's group privileges.
   static void dropGroupPrivs( int uid, int gid );