upstream commit

Replace two more arc4random() loops with arc4random_buf(). tweaks and ok dtucker ok deraadt Upstream-ID: 738d3229130ccc7eac975c190276ca6fcf0208e4
author: natano@openbsd.org <natano@openbsd.org> 2016-09-19 07:52:42 +0000
committer: Damien Miller <djm@mindrot.org> 2016-09-21 11:03:55 +1000
commit: 492710894acfcc2f173d14d1d45bd2e688df605d (patch)
tree: fd3f5579b3447829ded98734777aa5729dc3c149 /channels.c
parent: 1036356324fecc13099ac6e986b549f6219327d7 (diff)
1 files changed, 7 insertions, 11 deletions
diff --git a/channels.c b/channels.c
index 241aa3cdc..5d8c2a0c0 100644
--- a/channels.c
+++ b/channels.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: channels.c,v 1.352 2016/09/12 01:22:38 deraadt Exp $ */
+/* $OpenBSD: channels.c,v 1.353 2016/09/19 07:52:42 natano Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -4215,7 +4215,6 @@ x11_request_forwarding_with_spoofing(int client_session_id, const char *disp,
        char *new_data;
        int screen_number;
        const char *cp;
-        u_int32_t rnd = 0;
        if (x11_saved_display == NULL)
                x11_saved_display = xstrdup(disp);
@@ -4236,23 +4235,20 @@ x11_request_forwarding_with_spoofing(int client_session_id, const char *disp,
        if (x11_saved_proto == NULL) {
                /* Save protocol name. */
                x11_saved_proto = xstrdup(proto);
-                /*
-                 * Extract real authentication data and generate fake data
+                /* Extract real authentication data. */
-                 * of the same length.
-                 */
                x11_saved_data = xmalloc(data_len);
-                x11_fake_data = xmalloc(data_len);
                for (i = 0; i < data_len; i++) {
                        if (sscanf(data + 2 * i, "%2x", &value) != 1)
                                fatal("x11_request_forwarding: bad "
                                    "authentication data: %.100s", data);
-                        if (i % 4 == 0)
-                                rnd = arc4random();
                        x11_saved_data[i] = value;
-                        x11_fake_data[i] = rnd & 0xff;
-                        rnd >>= 8;
                }
                x11_saved_data_len = data_len;
+                /* Generate fake data of the same length. */
+                x11_fake_data = xmalloc(data_len);
+                arc4random_buf(x11_fake_data, data_len);
                x11_fake_data_len = data_len;
        }
author	natano@openbsd.org <natano@openbsd.org>	2016-09-19 07:52:42 +0000
committer	Damien Miller <djm@mindrot.org>	2016-09-21 11:03:55 +1000
commit	492710894acfcc2f173d14d1d45bd2e688df605d (patch)
tree	fd3f5579b3447829ded98734777aa5729dc3c149 /channels.c
parent	1036356324fecc13099ac6e986b549f6219327d7 (diff)

diff --git a/channels.c b/channels.c index 241aa3cdc..5d8c2a0c0 100644 --- a/channels.c +++ b/channels.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: channels.c,v 1.352 2016/09/12 01:22:38 deraadt Exp $ */	1	/* $OpenBSD: channels.c,v 1.353 2016/09/19 07:52:42 natano Exp $ */
2	/*	2	/*
3	* Author: Tatu Ylonen <ylo@cs.hut.fi>	3	* Author: Tatu Ylonen <ylo@cs.hut.fi>
4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -4215,7 +4215,6 @@ x11_request_forwarding_with_spoofing(int client_session_id, const char *disp,
4215	char *new_data;	4215	char *new_data;
4216	int screen_number;	4216	int screen_number;
4217	const char *cp;	4217	const char *cp;
4218	u_int32_t rnd = 0;
4219		4218
4220	if (x11_saved_display == NULL)	4219	if (x11_saved_display == NULL)
4221	x11_saved_display = xstrdup(disp);	4220	x11_saved_display = xstrdup(disp);
@@ -4236,23 +4235,20 @@ x11_request_forwarding_with_spoofing(int client_session_id, const char *disp,
4236	if (x11_saved_proto == NULL) {	4235	if (x11_saved_proto == NULL) {
4237	/* Save protocol name. */	4236	/* Save protocol name. */
4238	x11_saved_proto = xstrdup(proto);	4237	x11_saved_proto = xstrdup(proto);
4239	/*	4238
4240	* Extract real authentication data and generate fake data	4239	/* Extract real authentication data. */
4241	* of the same length.
4242	*/
4243	x11_saved_data = xmalloc(data_len);	4240	x11_saved_data = xmalloc(data_len);
4244	x11_fake_data = xmalloc(data_len);
4245	for (i = 0; i < data_len; i++) {	4241	for (i = 0; i < data_len; i++) {
4246	if (sscanf(data + 2 * i, "%2x", &value) != 1)	4242	if (sscanf(data + 2 * i, "%2x", &value) != 1)
4247	fatal("x11_request_forwarding: bad "	4243	fatal("x11_request_forwarding: bad "
4248	"authentication data: %.100s", data);	4244	"authentication data: %.100s", data);
4249	if (i % 4 == 0)
4250	rnd = arc4random();
4251	x11_saved_data[i] = value;	4245	x11_saved_data[i] = value;
4252	x11_fake_data[i] = rnd & 0xff;
4253	rnd >>= 8;
4254	}	4246	}
4255	x11_saved_data_len = data_len;	4247	x11_saved_data_len = data_len;
		4248
		4249	/* Generate fake data of the same length. */
		4250	x11_fake_data = xmalloc(data_len);
		4251	arc4random_buf(x11_fake_data, data_len);
4256	x11_fake_data_len = data_len;	4252	x11_fake_data_len = data_len;
4257	}	4253	}
4258		4254