From 0f1e3b4ba87a23058f9f905709b98b1f9defba00 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Tue, 6 Jun 2023 09:16:44 +0200 Subject: [PATCH] error check all the rand.Read() calls --- dnscrypt-proxy/crypto.go | 8 ++++++-- dnscrypt-proxy/main.go | 4 +++- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/dnscrypt-proxy/crypto.go b/dnscrypt-proxy/crypto.go index 4786edb5..ed08f3cc 100644 --- a/dnscrypt-proxy/crypto.go +++ b/dnscrypt-proxy/crypto.go @@ -78,7 +78,9 @@ func (proxy *Proxy) Encrypt( proto string, ) (sharedKey *[32]byte, encrypted []byte, clientNonce []byte, err error) { nonce, clientNonce := make([]byte, NonceSize), make([]byte, HalfNonceSize) - crypto_rand.Read(clientNonce) + if _, err := crypto_rand.Read(clientNonce); err != nil { + return nil, nil, nil, err + } copy(nonce, clientNonce) var publicKey *[PublicKeySize]byte if proxy.ephemeralKeys { @@ -101,7 +103,9 @@ func (proxy *Proxy) Encrypt( minQuestionSize = Max(proxy.questionSizeEstimator.MinQuestionSize(), minQuestionSize) } else { var xpad [1]byte - crypto_rand.Read(xpad[:]) + if _, err := crypto_rand.Read(xpad[:]); err != nil { + return nil, nil, nil, err + } minQuestionSize += int(xpad[0]) } paddedLength := Min(MaxDNSUDPPacketSize, (Max(minQuestionSize, QueryOverhead)+1+63) & ^63) diff --git a/dnscrypt-proxy/main.go b/dnscrypt-proxy/main.go index 94ab9a8b..a44272f2 100644 --- a/dnscrypt-proxy/main.go +++ b/dnscrypt-proxy/main.go @@ -32,7 +32,9 @@ func main() { runtime.MemProfileRate = 0 seed := make([]byte, 8) - crypto_rand.Read(seed) + if _, err := crypto_rand.Read(seed); err != nil { + dlog.Fatal(err) + } rand.Seed(int64(binary.LittleEndian.Uint64(seed[:]))) pwd, err := os.Getwd()