diff options
| -rw-r--r-- | clientloop.c | 15 | ||||
| -rw-r--r-- | hostfile.c | 7 |
2 files changed, 10 insertions, 12 deletions
diff --git a/clientloop.c b/clientloop.c index 47098f3af..58e712241 100644 --- a/clientloop.c +++ b/clientloop.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: clientloop.c,v 1.287 2016/09/12 01:22:38 deraadt Exp $ */ | 1 | /* $OpenBSD: clientloop.c,v 1.288 2016/09/17 18:00:27 tedu Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -311,7 +311,7 @@ client_x11_get_proto(const char *display, const char *xauth_path, | |||
| 311 | char xauthfile[PATH_MAX], xauthdir[PATH_MAX]; | 311 | char xauthfile[PATH_MAX], xauthdir[PATH_MAX]; |
| 312 | static char proto[512], data[512]; | 312 | static char proto[512], data[512]; |
| 313 | FILE *f; | 313 | FILE *f; |
| 314 | int got_data = 0, generated = 0, do_unlink = 0, i, r; | 314 | int got_data = 0, generated = 0, do_unlink = 0, r; |
| 315 | struct stat st; | 315 | struct stat st; |
| 316 | u_int now, x11_timeout_real; | 316 | u_int now, x11_timeout_real; |
| 317 | 317 | ||
| @@ -438,17 +438,16 @@ client_x11_get_proto(const char *display, const char *xauth_path, | |||
| 438 | * for the local connection. | 438 | * for the local connection. |
| 439 | */ | 439 | */ |
| 440 | if (!got_data) { | 440 | if (!got_data) { |
| 441 | u_int32_t rnd = 0; | 441 | u_int8_t rnd[16]; |
| 442 | u_int i; | ||
| 442 | 443 | ||
| 443 | logit("Warning: No xauth data; " | 444 | logit("Warning: No xauth data; " |
| 444 | "using fake authentication data for X11 forwarding."); | 445 | "using fake authentication data for X11 forwarding."); |
| 445 | strlcpy(proto, SSH_X11_PROTO, sizeof proto); | 446 | strlcpy(proto, SSH_X11_PROTO, sizeof proto); |
| 446 | for (i = 0; i < 16; i++) { | 447 | arc4random_buf(rnd, sizeof(rnd)); |
| 447 | if (i % 4 == 0) | 448 | for (i = 0; i < sizeof(rnd); i++) { |
| 448 | rnd = arc4random(); | ||
| 449 | snprintf(data + 2 * i, sizeof data - 2 * i, "%02x", | 449 | snprintf(data + 2 * i, sizeof data - 2 * i, "%02x", |
| 450 | rnd & 0xff); | 450 | rnd[i]); |
| 451 | rnd >>= 8; | ||
| 452 | } | 451 | } |
| 453 | } | 452 | } |
| 454 | 453 | ||
diff --git a/hostfile.c b/hostfile.c index 2850a4793..4548fbab3 100644 --- a/hostfile.c +++ b/hostfile.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: hostfile.c,v 1.66 2015/05/04 06:10:48 djm Exp $ */ | 1 | /* $OpenBSD: hostfile.c,v 1.67 2016/09/17 18:00:27 tedu Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -123,14 +123,13 @@ host_hash(const char *host, const char *name_from_hostfile, u_int src_len) | |||
| 123 | u_char salt[256], result[256]; | 123 | u_char salt[256], result[256]; |
| 124 | char uu_salt[512], uu_result[512]; | 124 | char uu_salt[512], uu_result[512]; |
| 125 | static char encoded[1024]; | 125 | static char encoded[1024]; |
| 126 | u_int i, len; | 126 | u_int len; |
| 127 | 127 | ||
| 128 | len = ssh_digest_bytes(SSH_DIGEST_SHA1); | 128 | len = ssh_digest_bytes(SSH_DIGEST_SHA1); |
| 129 | 129 | ||
| 130 | if (name_from_hostfile == NULL) { | 130 | if (name_from_hostfile == NULL) { |
| 131 | /* Create new salt */ | 131 | /* Create new salt */ |
| 132 | for (i = 0; i < len; i++) | 132 | arc4random_buf(salt, len); |
| 133 | salt[i] = arc4random(); | ||
| 134 | } else { | 133 | } else { |
| 135 | /* Extract salt from known host entry */ | 134 | /* Extract salt from known host entry */ |
| 136 | if (extract_salt(name_from_hostfile, src_len, salt, | 135 | if (extract_salt(name_from_hostfile, src_len, salt, |