diff options
Diffstat (limited to 'channels.c')
-rw-r--r-- | channels.c | 18 |
1 files changed, 7 insertions, 11 deletions
diff --git a/channels.c b/channels.c index 241aa3cdc..5d8c2a0c0 100644 --- a/channels.c +++ b/channels.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: channels.c,v 1.352 2016/09/12 01:22:38 deraadt Exp $ */ | 1 | /* $OpenBSD: channels.c,v 1.353 2016/09/19 07:52:42 natano Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -4215,7 +4215,6 @@ x11_request_forwarding_with_spoofing(int client_session_id, const char *disp, | |||
4215 | char *new_data; | 4215 | char *new_data; |
4216 | int screen_number; | 4216 | int screen_number; |
4217 | const char *cp; | 4217 | const char *cp; |
4218 | u_int32_t rnd = 0; | ||
4219 | 4218 | ||
4220 | if (x11_saved_display == NULL) | 4219 | if (x11_saved_display == NULL) |
4221 | x11_saved_display = xstrdup(disp); | 4220 | x11_saved_display = xstrdup(disp); |
@@ -4236,23 +4235,20 @@ x11_request_forwarding_with_spoofing(int client_session_id, const char *disp, | |||
4236 | if (x11_saved_proto == NULL) { | 4235 | if (x11_saved_proto == NULL) { |
4237 | /* Save protocol name. */ | 4236 | /* Save protocol name. */ |
4238 | x11_saved_proto = xstrdup(proto); | 4237 | x11_saved_proto = xstrdup(proto); |
4239 | /* | 4238 | |
4240 | * Extract real authentication data and generate fake data | 4239 | /* Extract real authentication data. */ |
4241 | * of the same length. | ||
4242 | */ | ||
4243 | x11_saved_data = xmalloc(data_len); | 4240 | x11_saved_data = xmalloc(data_len); |
4244 | x11_fake_data = xmalloc(data_len); | ||
4245 | for (i = 0; i < data_len; i++) { | 4241 | for (i = 0; i < data_len; i++) { |
4246 | if (sscanf(data + 2 * i, "%2x", &value) != 1) | 4242 | if (sscanf(data + 2 * i, "%2x", &value) != 1) |
4247 | fatal("x11_request_forwarding: bad " | 4243 | fatal("x11_request_forwarding: bad " |
4248 | "authentication data: %.100s", data); | 4244 | "authentication data: %.100s", data); |
4249 | if (i % 4 == 0) | ||
4250 | rnd = arc4random(); | ||
4251 | x11_saved_data[i] = value; | 4245 | x11_saved_data[i] = value; |
4252 | x11_fake_data[i] = rnd & 0xff; | ||
4253 | rnd >>= 8; | ||
4254 | } | 4246 | } |
4255 | x11_saved_data_len = data_len; | 4247 | x11_saved_data_len = data_len; |
4248 | |||
4249 | /* Generate fake data of the same length. */ | ||
4250 | x11_fake_data = xmalloc(data_len); | ||
4251 | arc4random_buf(x11_fake_data, data_len); | ||
4256 | x11_fake_data_len = data_len; | 4252 | x11_fake_data_len = data_len; |
4257 | } | 4253 | } |
4258 | 4254 | ||