CVE-2022-1615 util/genrand: don't ignore errors in random number generation
Since we began using GnuTLS in genrand.c, we have ignored return values.
A failure of randomness is a very bad thing, and we have no option but to abort.
In https://bugzilla.samba.org/show_bug.cgi?id=15103 we considered whether this is a security issue, but ultimately decided the cases where this fails belong in the "already completely screwed" basket.
There's also a piggybacking patch for better reporting of uptodateness errors in samba-tool.
Checklist
-
Commits have Signed-off-by:
with name/author being identical to the commit author -
(optional, if backport required) Bugzilla bug filed and BUG:
tag added -
CI timeout is 3h or higher (see Settings/CICD/General pipelines/ Timeout)
Reviewer's checklist:
-
There is a test suite reasonably covering new functionality or modifications -
Function naming, parameters, return values, types, etc., are consistent and according to README.Coding.md
-
This feature/change has adequate documentation added -
No obvious mistakes in the code
Edited by Andrew Bartlett