CVE-2022-1615 util/genrand: don't ignore errors in random number generation (!2644) · Merge requests · The Samba Team / Samba

Douglas Bagnall requested to merge samba-team/devel/samba:douglas-bug-15103 into master Jul 27, 2022

Since we began using GnuTLS in genrand.c, we have ignored return values.

A failure of randomness is a very bad thing, and we have no option but to abort.

In https://bugzilla.samba.org/show_bug.cgi?id=15103 we considered whether this is a security issue, but ultimately decided the cases where this fails belong in the "already completely screwed" basket.

There's also a piggybacking patch for better reporting of uptodateness errors in samba-tool.

Checklist

Commits have Signed-off-by: with name/author being identical to the commit author
(optional, if backport required) Bugzilla bug filed and BUG: tag added
CI timeout is 3h or higher (see Settings/CICD/General pipelines/ Timeout)

Reviewer's checklist:

There is a test suite reasonably covering new functionality or modifications
Function naming, parameters, return values, types, etc., are consistent and according to README.Coding.md
This feature/change has adequate documentation added
No obvious mistakes in the code

Edited Jul 28, 2022 by Andrew Bartlett

CVE-2022-1615 util/genrand: don't ignore errors in random number generation

Checklist

Reviewer's checklist:

Merge request reports