diff options
Diffstat (limited to 'clientloop.c')
-rw-r--r-- | clientloop.c | 15 |
1 files changed, 7 insertions, 8 deletions
diff --git a/clientloop.c b/clientloop.c index 47098f3af..58e712241 100644 --- a/clientloop.c +++ b/clientloop.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: clientloop.c,v 1.287 2016/09/12 01:22:38 deraadt Exp $ */ | 1 | /* $OpenBSD: clientloop.c,v 1.288 2016/09/17 18:00:27 tedu Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -311,7 +311,7 @@ client_x11_get_proto(const char *display, const char *xauth_path, | |||
311 | char xauthfile[PATH_MAX], xauthdir[PATH_MAX]; | 311 | char xauthfile[PATH_MAX], xauthdir[PATH_MAX]; |
312 | static char proto[512], data[512]; | 312 | static char proto[512], data[512]; |
313 | FILE *f; | 313 | FILE *f; |
314 | int got_data = 0, generated = 0, do_unlink = 0, i, r; | 314 | int got_data = 0, generated = 0, do_unlink = 0, r; |
315 | struct stat st; | 315 | struct stat st; |
316 | u_int now, x11_timeout_real; | 316 | u_int now, x11_timeout_real; |
317 | 317 | ||
@@ -438,17 +438,16 @@ client_x11_get_proto(const char *display, const char *xauth_path, | |||
438 | * for the local connection. | 438 | * for the local connection. |
439 | */ | 439 | */ |
440 | if (!got_data) { | 440 | if (!got_data) { |
441 | u_int32_t rnd = 0; | 441 | u_int8_t rnd[16]; |
442 | u_int i; | ||
442 | 443 | ||
443 | logit("Warning: No xauth data; " | 444 | logit("Warning: No xauth data; " |
444 | "using fake authentication data for X11 forwarding."); | 445 | "using fake authentication data for X11 forwarding."); |
445 | strlcpy(proto, SSH_X11_PROTO, sizeof proto); | 446 | strlcpy(proto, SSH_X11_PROTO, sizeof proto); |
446 | for (i = 0; i < 16; i++) { | 447 | arc4random_buf(rnd, sizeof(rnd)); |
447 | if (i % 4 == 0) | 448 | for (i = 0; i < sizeof(rnd); i++) { |
448 | rnd = arc4random(); | ||
449 | snprintf(data + 2 * i, sizeof data - 2 * i, "%02x", | 449 | snprintf(data + 2 * i, sizeof data - 2 * i, "%02x", |
450 | rnd & 0xff); | 450 | rnd[i]); |
451 | rnd >>= 8; | ||
452 | } | 451 | } |
453 | } | 452 | } |
454 | 453 | ||