Bug Description
In serversInfo.go, the error from crypto/rand.Read is silently discarded when generating random padding for test probe packets. If crypto/rand.Read fails (possible on certain platforms like containers with limited entropy), paddingData remains all zeros, weakening the DNS query size obfuscation.
Affected Code
serversInfo.go:867 and serversInfo.go:888:
paddingData := make([]byte, 16)
_, _ = crypto_rand.Read(paddingData) // error silently ignored
Impact
Weakens EDNS0 padding protection. While crypto/rand.Read rarely fails on typical systems, silently suppressing errors in a security-critical DNS proxy violates defense-in-depth principles.
Fix
Log the error:
if _, err := crypto_rand.Read(paddingData); err != nil {
	dlog.Warnf("Failed to read random padding: %v", err)
}
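The failure mode described above, as an added example that is not part of the original report or the project's code: a constructed failing reader shows the ignored-error pattern yielding all-zero padding, next to a variant that goes one step beyond logging and returns the error so the caller can skip the probe. The names `failingReader`, `paddingIgnoringError`, `paddingChecked` and `isAllZero` are hypothetical, and the `io.Reader` parameter is an assumption made so that a failure can be simulated.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// failingReader is a constructed stand-in for an entropy source that errors out.
type failingReader struct{}

func (failingReader) Read([]byte) (int, error) {
	return 0, errors.New("entropy source unavailable (constructed failure)")
}

// paddingIgnoringError mirrors the pattern from the report: the read error is
// discarded, so a failed read leaves the buffer at its zero value.
func paddingIgnoringError(src io.Reader, n int) []byte {
	buf := make([]byte, n)
	_, _ = io.ReadFull(src, buf)
	return buf
}

// paddingChecked (hypothetical helper) returns the error to the caller, which
// can log it and skip the probe instead of sending predictable padding.
func paddingChecked(src io.Reader, n int) ([]byte, error) {
	buf := make([]byte, n)
	if _, err := io.ReadFull(src, buf); err != nil {
		return nil, fmt.Errorf("read random padding: %w", err)
	}
	return buf, nil
}

// isAllZero reports whether every byte of b is zero.
func isAllZero(b []byte) bool {
	return bytes.Equal(b, make([]byte, len(b)))
}

func main() {
	fmt.Println("ignored error, all zero:", isAllZero(paddingIgnoringError(failingReader{}, 16)))
	_, err := paddingChecked(failingReader{}, 16)
	fmt.Println("checked error:", err)
	pad, err := paddingChecked(rand.Reader, 16)
	fmt.Println("healthy source:", len(pad), err)
}
```

Since Go 1.24, `crypto/rand.Read` is documented never to return an error (the program crashes instead), so the error branch matters on older toolchains and wherever a custom reader is used.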