2 files changed, 7 insertions, 2 deletions

diff --git a/ChangeLog b/ChangeLog
index 713e09dbe..727767210 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+20080604
+ - (djm) [openbsd-compat/bsd-arc4random.c] Fix math bug that caused bias
+   in arc4random_uniform with upper_bound in (2^30,2*31). Note that 
+   OpenSSH did not make requests with upper bounds in this range.
+
 20080519
  - (djm) [configure.ac mux.c sftp.c openbsd-compat/Makefile.in]
    [openbsd-compat/fmt_scaled.c openbsd-compat/openbsd-compat.h]
@@ -4023,4 +4028,4 @@
    OpenServer 6 and add osr5bigcrypt support so when someone migrates
    passwords between UnixWare and OpenServer they will still work. OK dtucker@
 
-$Id: ChangeLog,v 1.4935 2008/05/19 22:57:06 djm Exp $
+$Id: ChangeLog,v 1.4936 2008/06/04 00:54:00 djm Exp $
diff --git a/openbsd-compat/bsd-arc4random.c b/openbsd-compat/bsd-arc4random.c
index 92e7e7b58..9d4c8690e 100644
--- a/openbsd-compat/bsd-arc4random.c
+++ b/openbsd-compat/bsd-arc4random.c
@@ -129,7 +129,7 @@ arc4random_uniform(u_int32_t upper_bound)
                 min = 1 + ~upper_bound;         /* 2**32 - upper_bound */
         else {
                 /* (2**32 - (x * 2)) % x == 2**32 % x when x <= 2**31 */
-                min = ((0xffffffff - (upper_bound << 2)) + 1) % upper_bound;
+                min = ((0xffffffff - (upper_bound * 2)) + 1) % upper_bound;
         }
 #endif