Module Name: src Committed By: christos Date: Fri Feb 4 22:11:09 UTC 2011
Modified Files: src/crypto/external/bsd/openssh/dist: key.c Log Message: Fix CVE-2011-0539: Legacy certificates generated by OpenSSH might contain data from the stack thus leaking confidential information. To generate a diff of this commit: cvs rdiff -u -r1.4 -r1.5 src/crypto/external/bsd/openssh/dist/key.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/crypto/external/bsd/openssh/dist/key.c diff -u src/crypto/external/bsd/openssh/dist/key.c:1.4 src/crypto/external/bsd/openssh/dist/key.c:1.5 --- src/crypto/external/bsd/openssh/dist/key.c:1.4 Sun Nov 21 13:59:04 2010 +++ src/crypto/external/bsd/openssh/dist/key.c Fri Feb 4 17:11:09 2011 @@ -1,4 +1,4 @@ -/* $NetBSD: key.c,v 1.4 2010/11/21 18:59:04 adam Exp $ */ +/* $NetBSD: key.c,v 1.5 2011/02/04 22:11:09 christos Exp $ */ /* $OpenBSD: key.c,v 1.90 2010/07/13 23:13:16 djm Exp $ */ /* * read_bignum(): @@ -36,7 +36,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: key.c,v 1.4 2010/11/21 18:59:04 adam Exp $"); +__RCSID("$NetBSD: key.c,v 1.5 2011/02/04 22:11:09 christos Exp $"); #include <sys/param.h> #include <sys/types.h> @@ -1514,10 +1514,8 @@ buffer_put_cstring(&k->cert->certblob, key_ssh_name(k)); /* -v01 certs put nonce first */ + arc4random_buf(&nonce, sizeof(nonce)); if (k->type == KEY_DSA_CERT || k->type == KEY_RSA_CERT) { - /*arc4random_buf(&nonce, sizeof(nonce));*/ - for (i = 0; i < sizeof(nonce); i += 4) - *(uint32_t *)&(nonce[i]) = arc4random(); buffer_put_string(&k->cert->certblob, nonce, sizeof(nonce)); }