upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-05-22 01:56:00 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 4
bind9/tests
History
Ondřej Surý cffcab9d5f
Use cryptographically-secure pseudo-random generator everywhere 
It was discovered in an upcoming academic paper that a xoshiro128**
internal state can be recovered by an external 3rd party allowing to
predict UDP ports and DNS IDs in the outgoing queries.  This could lead
to an attacker spoofing the DNS answers with great efficiency and
poisoning the DNS cache.

Change the internal random generator to system CSPRNG with buffering to
avoid excessive syscalls.

Thanks Omer Ben Simhon and Amit Klein of Hebrew University of Jerusalem
for responsibly reporting this to us.  Very cool research!
2025-10-02 13:26:07 +02:00
..
bench Change the 'isc_g_mctx' to be always available 2025-08-04 11:29:50 +02:00
dns add API to parse and extract IP from PTR name 2025-10-01 12:16:05 +02:00
include/tests add query unit test 2025-09-09 09:42:34 +02:00
isc Use cryptographically-secure pseudo-random generator everywhere 2025-10-02 13:26:07 +02:00
isccfg Use ControlStatementsExceptControlMacros for SpaceBeforeParens 2025-08-19 07:58:33 +02:00
libtest add query unit test 2025-09-09 09:42:34 +02:00
ns fix hookasyncctx renaming 2025-09-28 22:41:32 +02:00
.gitignore Move all the unit tests to /tests/<libname>/ 2022-05-28 14:53:02 -07:00
meson.build replace the build system with meson 2025-06-11 10:30:12 +03:00