- markus@cvs.openbsd.org 2001/02/28 21:21:41

     [sshd.c]
     generate a fake session id, too

2 files changed, 7 insertions, 2 deletions

diff --git a/ChangeLog b/ChangeLog
index 71b1a53fe..a2eaf69b6 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -82,6 +82,9 @@
    - deraadt@cvs.openbsd.org 2001/02/28 17:52:54
      [misc.c]
      for completeness, copy pw_gecos too
+   - markus@cvs.openbsd.org 2001/02/28 21:21:41
+     [sshd.c]
+     generate a fake session id, too
 
 20010304
  - (bal) Remove make-ssh-known-hosts.1 since it's no longer valid.
@@ -4274,4 +4277,4 @@
  - Wrote replacements for strlcpy and mkdtemp
  - Released 1.0pre1
 
-$Id: ChangeLog,v 1.875 2001/03/05 06:22:01 mouring Exp $
+$Id: ChangeLog,v 1.876 2001/03/05 06:25:23 mouring Exp $
diff --git a/sshd.c b/sshd.c
index 2669a935e..2f4cfb6f0 100644
--- a/sshd.c
+++ b/sshd.c
@@ -40,7 +40,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.169 2001/02/23 18:15:13 markus Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.170 2001/02/28 21:21:41 markus Exp $");
 
 #include <openssl/dh.h>
 #include <openssl/bn.h>
@@ -1397,6 +1397,8 @@ do_ssh1_kex(void)
                 MD5_Final(session_key + 16, &md);
                 memset(buf, 0, bytes);
                 xfree(buf);
+                for (i = 0; i < 16; i++)
+                        session_id[i] = session_key[i] ^ session_key[i + 16];
         }
         /* Destroy the private and public keys.  They will no longer be needed. */
         destroy_sensitive_data();