Module Name: src
Committed By: christos
Date: Fri Feb 4 22:11:09 UTC 2011
Modified Files:
src/crypto/external/bsd/openssh/dist: key.c
Log Message:
Fix CVE-2011-0539:
Legacy certificates generated by OpenSSH might contain data
from the stack thus leaking confidential information.
To generate a diff of this commit:
cvs rdiff -u -r1.4 -r1.5 src/crypto/external/bsd/openssh/dist/key.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/crypto/external/bsd/openssh/dist/key.c
diff -u src/crypto/external/bsd/openssh/dist/key.c:1.4 src/crypto/external/bsd/openssh/dist/key.c:1.5
--- src/crypto/external/bsd/openssh/dist/key.c:1.4 Sun Nov 21 13:59:04 2010
+++ src/crypto/external/bsd/openssh/dist/key.c Fri Feb 4 17:11:09 2011
@@ -1,4 +1,4 @@
-/* $NetBSD: key.c,v 1.4 2010/11/21 18:59:04 adam Exp $ */
+/* $NetBSD: key.c,v 1.5 2011/02/04 22:11:09 christos Exp $ */
/* $OpenBSD: key.c,v 1.90 2010/07/13 23:13:16 djm Exp $ */
/*
* read_bignum():
@@ -36,7 +36,7 @@
*/
#include "includes.h"
-__RCSID("$NetBSD: key.c,v 1.4 2010/11/21 18:59:04 adam Exp $");
+__RCSID("$NetBSD: key.c,v 1.5 2011/02/04 22:11:09 christos Exp $");
#include <sys/param.h>
#include <sys/types.h>
@@ -1514,10 +1514,8 @@
buffer_put_cstring(&k->cert->certblob, key_ssh_name(k));
/* -v01 certs put nonce first */
+ arc4random_buf(&nonce, sizeof(nonce));
if (k->type == KEY_DSA_CERT || k->type == KEY_RSA_CERT) {
- /*arc4random_buf(&nonce, sizeof(nonce));*/
- for (i = 0; i < sizeof(nonce); i += 4)
- *(uint32_t *)&(nonce[i]) = arc4random();
buffer_put_string(&k->cert->certblob, nonce, sizeof(nonce));
}
