* New upstream release (http://www.openssh.org/txt/release-5.8):

- Fix stack information leak in legacy certificate signing (http://www.openssh.com/txt/legacy-cert.adv).
author: Colin Watson <cjwatson@debian.org> 2011-02-05 11:09:46 +0000
committer: Colin Watson <cjwatson@debian.org> 2011-02-05 11:09:46 +0000
commit: 95f10426499726f33812622009ac98180268c632 (patch)
tree: a21f909f1c9aa5857e087c7e2bc8a4a13c5e93b7 /key.c
parent: 8cd65668d5473dfa4912f8a727c0f30ce40db424 (diff)
parent: 338146a3fc257e216fe5c10fe40e6896b40d7739 (diff)
1 files changed, 3 insertions, 4 deletions
diff --git a/key.c b/key.c
index 6ccfd8dcb..d30dc5c3c 100644
--- a/key.c
+++ b/key.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: key.c,v 1.95 2010/11/10 01:33:07 djm Exp $ */
+/* $OpenBSD: key.c,v 1.96 2011/02/04 00:44:21 djm Exp $ */
 /*
 * read_bignum():
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1890,10 +1890,9 @@ key_certify(Key *k, Key *ca)
        buffer_put_cstring(&k->cert->certblob, key_ssh_name(k));
        /* -v01 certs put nonce first */
-        if (!key_cert_is_legacy(k)) {
+        arc4random_buf(&nonce, sizeof(nonce));
-                arc4random_buf(&nonce, sizeof(nonce));
+        if (!key_cert_is_legacy(k))
                buffer_put_string(&k->cert->certblob, nonce, sizeof(nonce));
-        }
        switch (k->type) {
        case KEY_DSA_CERT_V00:
author	Colin Watson <cjwatson@debian.org>	2011-02-05 11:09:46 +0000
committer	Colin Watson <cjwatson@debian.org>	2011-02-05 11:09:46 +0000
commit	95f10426499726f33812622009ac98180268c632 (patch)
tree	a21f909f1c9aa5857e087c7e2bc8a4a13c5e93b7 /key.c
parent	8cd65668d5473dfa4912f8a727c0f30ce40db424 (diff)
parent	338146a3fc257e216fe5c10fe40e6896b40d7739 (diff)