Random number generation bugs #1076

jsbarber · 2020-07-20T20:35:05Z

Issue 1:
There is code in init_random_seed that checks if HAVE_GETRANDOM is defined and, when set, calls getrandom to fill a buffer with random data. However, the code then bypasses the code block that uses the buffer to create the actual seed value from the random data. It then calls bro_srandom with a seed value of 0 and a "true" second argument (which causes bro_rand_determistic to be set). Hence, the seed is always set the same. See https://try.zeek.org/#/tryzeek/saved/440256:

# Issues 1 - 3
event zeek_init()
	{
	local i = 0;
	while (i < 20)
		{
		print rand(65535);
		i += 1;
		}
	}

Issue 2:
I presume this would be considered by design, but bro_rand_deterministic always get set and hence the system random function is never used; instead the built-in bro_prng is used. (Which, at a minimum contradicts the documentation.)

Issue 3:
When the seed is 0, bro_prng returns the same one value (0x7fffffff) continuously.

Issue 4:
bro_prng also violates the constraint that its return value should be less than or equal to the system RAND_MAX. This in turn causes the BiF rand function to violate its specification: it can return a value greater than the max argument. (Due to issue 3, this only occurs if you re-seed the generator.)

For issue 4, https://try.zeek.org/#/tryzeek/saved/440259:

event zeek_init()
	{
	srand(0x7d662799A);
	local i = 0;
	while (i < 40)
		{
		local rn = rand(65535);
		if (rn > 65535)
			print "ACK", rn;
		i += 1;
		}
	}

The text was updated successfully, but these errors were encountered:

The availability and use of getrandom() actually caused unrandom and deterministic results in terms of Zeek's random number generation.

The intermediate result of the PRNG used unsigned storage, preventing the ( result < 0 ) branch from ever being evaluated. This could cause return values to exceed the modulus as well as RAND_MAX. One interesting effect of this is potential for the rand() BIF to return values outside the requested maximum limit. Another interesting effect of this is that a PacketFilter may start randomly dropping packets even if it was not configured for random-packet-drops.

The bro_prng() implementation cannot generate 0 as a result since it causes every subsequent number from the PRNG to also be 0, so use the number 1 instead of 0.

The availability and use of getrandom() actually caused unrandom and deterministic results in terms of Zeek's random number generation.

The intermediate result of the PRNG used unsigned storage, preventing the ( result < 0 ) branch from ever being evaluated. This could cause return values to exceed the modulus as well as RAND_MAX. One interesting effect of this is potential for the rand() BIF to return values outside the requested maximum limit. Another interesting effect of this is that a PacketFilter may start randomly dropping packets even if it was not configured for random-packet-drops.

The bro_prng() implementation cannot generate 0 as a result since it causes every subsequent number from the PRNG to also be 0, so use the number 1 instead of 0.

jsiwek · 2020-07-22T23:02:52Z

@jsbarber Thanks for reporting those, #1081 should address the issues if you'd like to confirm. Particularly:

Issues 1 + 2: dba7643
Issue 3: 887b53b
Issue 4: 0f4eb9a

* origin/topic/jsiwek/gh-1076-fix-random: Deprecate bro_srandom(), replace with zeek::seed_random(). Add zeek::max_random() & fix misuse of RAND_MAX w/ zeek::random_number() Deprecate bro_random(), replace with zeek::random_number() Deprecate bro_prng(), replace with zeek::prng() GH-1076: Fix bro_srandom() to replace 0 seeds with 1 GH-1076: Fix bro_prng() implementation GH-1076: Fix use of getrandom()

jsbarber · 2020-07-23T23:01:46Z

@jsiwek Looks good to me. Thanks!

The intermediate result of the PRNG used unsigned storage, preventing the ( result < 0 ) branch from ever being evaluated. This could cause return values to exceed the modulus as well as RAND_MAX. One interesting effect of this is potential for the rand() BIF to return values outside the requested maximum limit. Another interesting effect of this is that a PacketFilter may start randomly dropping packets even if it was not configured for random-packet-drops. (cherry picked from commit 0f4eb9a)

The bro_prng() implementation cannot generate 0 as a result since it causes every subsequent number from the PRNG to also be 0, so use the number 1 instead of 0. (cherry picked from commit 887b53b)

The intermediate result of the PRNG used unsigned storage, preventing the ( result < 0 ) branch from ever being evaluated. This could cause return values to exceed the modulus as well as RAND_MAX. One interesting effect of this is potential for the rand() BIF to return values outside the requested maximum limit. Another interesting effect of this is that a PacketFilter may start randomly dropping packets even if it was not configured for random-packet-drops. (cherry picked from commit 0f4eb9a)

The bro_prng() implementation cannot generate 0 as a result since it causes every subsequent number from the PRNG to also be 0, so use the number 1 instead of 0. (cherry picked from commit 887b53b)

The availability and use of getrandom() actually caused unrandom and deterministic results in terms of Zeek's random number generation. (cherry picked from commit dba7643)

jsiwek added this to Unassigned / Todo in Release 3.2.0 via automation Jul 21, 2020

jsiwek added this to the 3.2.0 milestone Jul 21, 2020

jsiwek added the Type: Bug 🐛 Unexpected behavior or output. label Jul 21, 2020

jsiwek self-assigned this Jul 21, 2020

jsiwek added a commit that referenced this issue Jul 21, 2020

GH-1076: Fix use of getrandom()

eaf5a9b

The availability and use of getrandom() actually caused unrandom and deterministic results in terms of Zeek's random number generation.

jsiwek added a commit that referenced this issue Jul 22, 2020

GH-1076: Fix bro_srandom() to replace 0 seeds with 1

4a6622d

The bro_prng() implementation cannot generate 0 as a result since it causes every subsequent number from the PRNG to also be 0, so use the number 1 instead of 0.

This was referenced Jul 22, 2020

Random number generation fixes/maintenance #1081

Merged

RNG maintenance/suggestions #1082

Open

jsiwek added a commit that referenced this issue Jul 22, 2020

GH-1076: Fix use of getrandom()

dba7643

The availability and use of getrandom() actually caused unrandom and deterministic results in terms of Zeek's random number generation.

jsiwek added a commit that referenced this issue Jul 22, 2020

GH-1076: Fix bro_srandom() to replace 0 seeds with 1

887b53b

The bro_prng() implementation cannot generate 0 as a result since it causes every subsequent number from the PRNG to also be 0, so use the number 1 instead of 0.

timwoj closed this as completed in #1081 Jul 23, 2020

Release 3.2.0 automation moved this from Unassigned / Todo to Done Jul 23, 2020

jsiwek mentioned this issue Jul 23, 2020

Upcoming patch release bug fixes #724

Open

13 tasks

jsiwek added a commit that referenced this issue Jul 24, 2020

GH-1076: Fix use of getrandom()

c66a6b2

The availability and use of getrandom() actually caused unrandom and deterministic results in terms of Zeek's random number generation. (cherry picked from commit dba7643)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Random number generation bugs #1076

Random number generation bugs #1076

jsbarber commented Jul 20, 2020

jsiwek commented Jul 22, 2020

jsbarber commented Jul 23, 2020

Random number generation bugs #1076

Random number generation bugs #1076

Comments

jsbarber commented Jul 20, 2020

jsiwek commented Jul 22, 2020

jsbarber commented Jul 23, 2020