[Date Prev][Date Next] [Chronological] [Thread] [Top]

PRNG from ITS#7027 (shuffling DNS SRV records) is poorly seeded

Full_Name: Sergio Gelato
Version: 2.4.40
OS: Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (

As part of ITS#7027, a simple PRNG was added to libraries/libldap/dnssrv.c in
order to implement shuffling of SRV RRs as per RFC2782.

I see two shortcomings with the way this generator is being seeded.

(1) The seed is a very slowly varying function of time: (float)time(NULL) /
(2**32-1). The mantissa of an IEEE754 float has 24 bits, so one only gets a new
seed every 2**7 seconds with the current seeding method.

(2) At any given time, all clients areikikely to use the same seed and therefore
pick the same SRV record. This means the load on individual servers will
fluctuate a lot more than if the clients picked records in an uncorrelated

To fix (1) I think we need to hash the seed so that it is much more sensitive to
the least significant bit of the current time value. (2) can be addressed by
mixing in some value that varies from client to client; maybe the 16-bit DNS
query ID is most readily available (as the first two bytes of the reply buffer;
I hope all implementations of res_query() return it). Come to think of it,
shifting the query ID up by 15 bits and XORing with the current time might be
good enough.