summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authortedu@openbsd.org <tedu@openbsd.org>2016-09-17 18:00:27 +0000
committerDamien Miller <djm@mindrot.org>2016-09-21 11:03:55 +1000
commit1036356324fecc13099ac6e986b549f6219327d7 (patch)
treefbbfd350f14d5d3976f6aa10958300741fa860b3
parent00df97ff68a49a756d4b977cd02283690f5dfa34 (diff)
upstream commit
replace two arc4random loops with arc4random_buf ok deraadt natano Upstream-ID: e18ede972d1737df54b49f011fa4f3917a403f48
Diffstat
-rw-r--r--clientloop.c15
-rw-r--r--hostfile.c7
2 files changed, 10 insertions, 12 deletions
diff --git a/clientloop.c b/clientloop.c
index 47098f3af..58e712241 100644
--- a/clientloop.c
+++ b/clientloop.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: clientloop.c,v 1.287 2016/09/12 01:22:38 deraadt Exp $ */ 1/* $OpenBSD: clientloop.c,v 1.288 2016/09/17 18:00:27 tedu Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -311,7 +311,7 @@ client_x11_get_proto(const char *display, const char *xauth_path,
311 char xauthfile[PATH_MAX], xauthdir[PATH_MAX]; 311 char xauthfile[PATH_MAX], xauthdir[PATH_MAX];
312 static char proto[512], data[512]; 312 static char proto[512], data[512];
313 FILE *f; 313 FILE *f;
314 int got_data = 0, generated = 0, do_unlink = 0, i, r; 314 int got_data = 0, generated = 0, do_unlink = 0, r;
315 struct stat st; 315 struct stat st;
316 u_int now, x11_timeout_real; 316 u_int now, x11_timeout_real;
317 317
@@ -438,17 +438,16 @@ client_x11_get_proto(const char *display, const char *xauth_path,
438 * for the local connection. 438 * for the local connection.
439 */ 439 */
440 if (!got_data) { 440 if (!got_data) {
441 u_int32_t rnd = 0; 441 u_int8_t rnd[16];
442 u_int i;
442 443
443 logit("Warning: No xauth data; " 444 logit("Warning: No xauth data; "
444 "using fake authentication data for X11 forwarding."); 445 "using fake authentication data for X11 forwarding.");
445 strlcpy(proto, SSH_X11_PROTO, sizeof proto); 446 strlcpy(proto, SSH_X11_PROTO, sizeof proto);
446 for (i = 0; i < 16; i++) { 447 arc4random_buf(rnd, sizeof(rnd));
447 if (i % 4 == 0) 448 for (i = 0; i < sizeof(rnd); i++) {
448 rnd = arc4random();
449 snprintf(data + 2 * i, sizeof data - 2 * i, "%02x", 449 snprintf(data + 2 * i, sizeof data - 2 * i, "%02x",
450 rnd & 0xff); 450 rnd[i]);
451 rnd >>= 8;
452 } 451 }
453 } 452 }
454 453
diff --git a/hostfile.c b/hostfile.c
index 2850a4793..4548fbab3 100644
--- a/hostfile.c
+++ b/hostfile.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: hostfile.c,v 1.66 2015/05/04 06:10:48 djm Exp $ */ 1/* $OpenBSD: hostfile.c,v 1.67 2016/09/17 18:00:27 tedu Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -123,14 +123,13 @@ host_hash(const char *host, const char *name_from_hostfile, u_int src_len)
123 u_char salt[256], result[256]; 123 u_char salt[256], result[256];
124 char uu_salt[512], uu_result[512]; 124 char uu_salt[512], uu_result[512];
125 static char encoded[1024]; 125 static char encoded[1024];
126 u_int i, len; 126 u_int len;
127 127
128 len = ssh_digest_bytes(SSH_DIGEST_SHA1); 128 len = ssh_digest_bytes(SSH_DIGEST_SHA1);
129 129
130 if (name_from_hostfile == NULL) { 130 if (name_from_hostfile == NULL) {
131 /* Create new salt */ 131 /* Create new salt */
132 for (i = 0; i < len; i++) 132 arc4random_buf(salt, len);
133 salt[i] = arc4random();
134 } else { 133 } else {
135 /* Extract salt from known host entry */ 134 /* Extract salt from known host entry */
136 if (extract_salt(name_from_hostfile, src_len, salt, 135 if (extract_salt(name_from_hostfile, src_len, salt,
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-27 07:35:12 +0000