From: Otto Moerbeek Date: Mon, 18 Feb 2019 10:11:34 +0000 (+0100) Subject: Replace almost all occurences of random() by dns_random(). X-Git-Tag: dnsdist-1.4.0-alpha1~54^2~2 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=b51ef4f9a9e07b35cedd6d9f6c39df4ee1d1ff78;p=pdns Replace almost all occurences of random() by dns_random(). Exceptions are the ones in misc.cc, because they introduce a dependency to libsodium and/or librypto, which is not wanted in dnsdist. The calls in misc,.cc are not security-sensitive so it is not a big deal to use a deterministic PRNG there. Also, improve Utility::srandom() a bit and call it in the recursor. --- diff --git a/pdns/calidns.cc b/pdns/calidns.cc index a82a4fc03..f2c8bb0a3 100644 --- a/pdns/calidns.cc +++ b/pdns/calidns.cc @@ -377,7 +377,7 @@ try DNSPacketWriter pw(packet, DNSName(qname), DNSRecordContent::TypeToNumber(qtype)); pw.getHeader()->rd=wantRecursion; - pw.getHeader()->id=random(); + pw.getHeader()->id=dns_random(UINT16_MAX); if(!subnet.empty() || !ecsRange.empty()) { EDNSSubnetOpts opt; @@ -454,7 +454,7 @@ try known.push_back(ptr); } for(;n < total; ++n) { - toSend.push_back(known[random()%known.size()].get()); + toSend.push_back(known[dns_random(known.size())].get()); } random_shuffle(toSend.begin(), toSend.end()); g_recvcounter.store(0); diff --git a/pdns/common_startup.cc b/pdns/common_startup.cc index 8f61cc426..0c77d5788 100644 --- a/pdns/common_startup.cc +++ b/pdns/common_startup.cc @@ -496,7 +496,7 @@ static void triggerLoadOfLibraries() void mainthread() { - Utility::srandom(time(0) ^ getpid()); + Utility::srandom(); int newgid=0; if(!::arg()["setgid"].empty()) diff --git a/pdns/ixfrdist.cc b/pdns/ixfrdist.cc index 1ba8ffed0..3a0c443ac 100644 --- a/pdns/ixfrdist.cc +++ b/pdns/ixfrdist.cc @@ -343,7 +343,7 @@ void updateThread(const string& workdir, const uint16_t& keep, const uint16_t& a // TODO Keep track of 'down' masters set::const_iterator it(domainConfig.second.masters.begin()); - std::advance(it, random() % domainConfig.second.masters.size()); + std::advance(it, dns_random(domainConfig.second.masters.size())); ComboAddress master = *it; string dir = workdir + "/" + domain.toString(); diff --git a/pdns/lua-record.cc b/pdns/lua-record.cc index ce9327d53..34c09dd8c 100644 --- a/pdns/lua-record.cc +++ b/pdns/lua-record.cc @@ -852,7 +852,7 @@ std::vector> luaSynth(const std::string& code, cons for(const auto& nmpair : netmasks) { Netmask nm(nmpair.second); if(nm.match(bestwho)) { - return destinations[random() % destinations.size()].second; + return destinations[dns_random(destinations.size())].second; } } } diff --git a/pdns/pdns_recursor.cc b/pdns/pdns_recursor.cc index f4842e9e7..15e9f7a16 100644 --- a/pdns/pdns_recursor.cc +++ b/pdns/pdns_recursor.cc @@ -4158,6 +4158,7 @@ int main(int argc, char **argv) g_argc = argc; g_argv = argv; g_stats.startupTime=time(0); + Utility::srandom(); versionSetProduct(ProductRecursor); reportBasicTypes(); reportOtherTypes(); diff --git a/pdns/pdnsutil.cc b/pdns/pdnsutil.cc index 27614fd0c..2dbcce049 100644 --- a/pdns/pdnsutil.cc +++ b/pdns/pdnsutil.cc @@ -200,7 +200,7 @@ void dbBench(const std::string& fname) dt.set(); unsigned int hits=0, misses=0; for(; n < 10000; ++n) { - DNSName domain(domains[random() % domains.size()]); + DNSName domain(domains[dns_random(domains.size())]); B.lookup(QType(QType::NS), domain); while(B.get(rr)) { hits++; @@ -1319,7 +1319,7 @@ void testSpeed(DNSSECKeeper& dk, const DNSName& zone, const string& remote, int DTime dt; dt.set(); for(unsigned int n=0; n < 100000; ++n) { - rnd = random(); + rnd = dns_random(UINT32_MAX); snprintf(tmp, sizeof(tmp), "%d.%d.%d.%d", octets[0], octets[1], octets[2], octets[3]); rr.content=tmp; diff --git a/pdns/test-recpacketcache_cc.cc b/pdns/test-recpacketcache_cc.cc index 365187108..5caccd0d1 100644 --- a/pdns/test-recpacketcache_cc.cc +++ b/pdns/test-recpacketcache_cc.cc @@ -29,7 +29,7 @@ BOOST_AUTO_TEST_CASE(test_recPacketCacheSimple) { DNSPacketWriter pw(packet, qname, QType::A); pw.getHeader()->rd=true; pw.getHeader()->qr=false; - pw.getHeader()->id=random(); + pw.getHeader()->id=dns_random(UINT16_MAX); string qpacket((const char*)&packet[0], packet.size()); pw.startRecord(qname, QType::A, ttd); @@ -68,7 +68,7 @@ BOOST_AUTO_TEST_CASE(test_recPacketCacheSimple) { pw2.getHeader()->rd=true; pw2.getHeader()->qr=false; - pw2.getHeader()->id=random(); + pw2.getHeader()->id=dns_random(UINT16_MAX); qpacket.assign((const char*)&packet[0], packet.size()); found = rpc.getResponsePacket(tag, qpacket, time(nullptr), &fpacket, &age, &qhash); @@ -101,7 +101,7 @@ BOOST_AUTO_TEST_CASE(test_recPacketCache_Tags) { DNSPacketWriter pw(packet, qname, QType::A); pw.getHeader()->rd=true; pw.getHeader()->qr=false; - pw.getHeader()->id=random(); + pw.getHeader()->id=dns_random(UINT16_MAX); string qpacket(reinterpret_cast(&packet[0]), packet.size()); pw.startRecord(qname, QType::A, ttd); diff --git a/pdns/unix_utility.cc b/pdns/unix_utility.cc index 9c9af5283..6e5d817a0 100644 --- a/pdns/unix_utility.cc +++ b/pdns/unix_utility.cc @@ -213,9 +213,11 @@ int Utility::makeUidNumeric(const string &username) } // Sets the random seed. -void Utility::srandom( unsigned int seed ) +void Utility::srandom(void) { - ::srandom(seed); + struct timeval tv; + gettimeofday(&tv, 0); + ::srandom(tv.tv_sec ^ tv.tv_usec ^ getpid()); } // Writes a vector. diff --git a/pdns/utility.hh b/pdns/utility.hh index 7ba9b2fd3..024fc089f 100644 --- a/pdns/utility.hh +++ b/pdns/utility.hh @@ -130,8 +130,8 @@ public: static int writev( Utility::sock_t socket, const iovec *vector, size_t count ); //! Sets the random seed. - static void srandom( unsigned int seed ); - + static void srandom(void); + //! Drops the program's group privileges. static void dropGroupPrivs( int uid, int gid );