Skip to content

Thread safe ID generation #218

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
MichaCo merged 4 commits into from
Mar 11, 2024
Merged

Thread safe ID generation #218

MichaCo merged 4 commits into from
Mar 11, 2024

Conversation

@antonfirsov
Copy link
Contributor

@antonfirsov antonfirsov commented Mar 10, 2024
edited
Loading

Fix #209 and use cryptographically strong random numbers Edit: removed the latter, the vulnerability doesn't apply to clients..

antonfirsov
antonfirsov commented Mar 11, 2024
View reviewed changes
test/DnsClient.Tests/DnsRequestHeaderTest.cs
ids.TryAdd(header.Id, 0);
});

Assert.True(ids.Count > 950, $"Only {ids.Count} of 1000 ids are unique!");
Copy link
Contributor Author

@antonfirsov antonfirsov Mar 11, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Without the change the number of collisions is significantly higher.

@MichaCo
Copy link
Owner

MichaCo commented Mar 11, 2024

I was actually adding a fix for this in my open PR, too:
https://github.com/MichaCo/DnsClient.NET/pull/207/files#diff-6ce9119d23f07ed09bd510d31b8f53054f0909b741bcfad887ab7b0d8aeba0dc

Now I'm wondering, why did you remove the version with RandomNumberGenerator in favor of a lock?
I do get roughly the same result with your unit test with my version at least ;)

        private static ushort GetRandom()
        {
            var block = new byte[2];
            s_generator.GetBytes(block);
            return BitConverter.ToUInt16(block, 0);
        }

@antonfirsov
Copy link
Contributor Author

antonfirsov commented Mar 11, 2024
edited
Loading

In #207 the two implementation paths have different characteristics: RandomNumberGenerator is cryptographically secure (but slower) while Random is not secure (but fast). I orginally used RandomNumberGenerator, but removed it in a2ee64c for simplicity. What made the code more complicated than ideal is the exlusion of id==1 which you don't do in #207 for old targets. I fail to understand why is id != 1 needed, but I wanted to keep the old logic.

In my understanding client txid-s don't have to be cryptographically secure random numbers, so no need to use RandomNumberGenerator unless DnsClient.NET is expected to be used in a recursive DNS server.

@MichaCo
Copy link
Owner

MichaCo commented Mar 11, 2024

gotcha.

In my understanding client txid-s don't have to be cryptographically secure random numbers, so no need to use RandomNumberGenerator unless DnsClient.NET is expected to be used in a recursive DNS server.

yup that is also my understanding.

@MichaCo MichaCo merged commit ead8231 into MichaCo:dev Mar 11, 2024
@bfortman bfortman mentioned this pull request Aug 26, 2024
Open
@dependabot dependabot bot mentioned this pull request Oct 9, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@MichaCo MichaCo MichaCo approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

LookupClient.QueryAsync is not concurrency-safe

2 participants

@antonfirsov @MichaCo