Ted Unangst wrote:
> no change, but makes the code a little shorter.

while here, another similar spot.


Index: clientloop.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/clientloop.c,v
retrieving revision 1.287
diff -u -p -r1.287 clientloop.c
--- clientloop.c        12 Sep 2016 01:22:38 -0000      1.287
+++ clientloop.c        17 Sep 2016 01:16:46 -0000
@@ -303,7 +303,7 @@ client_x11_get_proto(const char *display
        char xauthfile[PATH_MAX], xauthdir[PATH_MAX];
        static char proto[512], data[512];
        FILE *f;
-       int got_data = 0, generated = 0, do_unlink = 0, i, r;
+       int got_data = 0, generated = 0, do_unlink = 0, r;
        struct stat st;
        u_int now, x11_timeout_real;
 
@@ -430,17 +430,16 @@ client_x11_get_proto(const char *display
         * for the local connection.
         */
        if (!got_data) {
-               u_int32_t rnd = 0;
+               u_int8_t rnd[16];
+               u_int i;
 
                logit("Warning: No xauth data; "
                    "using fake authentication data for X11 forwarding.");
                strlcpy(proto, SSH_X11_PROTO, sizeof proto);
-               for (i = 0; i < 16; i++) {
-                       if (i % 4 == 0)
-                               rnd = arc4random();
+               arc4random_buf(rnd, sizeof(rnd));
+               for (i = 0; i < sizeof(rnd); i++) {
                        snprintf(data + 2 * i, sizeof data - 2 * i, "%02x",
-                           rnd & 0xff);
-                       rnd >>= 8;
+                           rnd[i]);
                }
        }
 
Index: hostfile.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/hostfile.c,v
retrieving revision 1.66
diff -u -p -r1.66 hostfile.c
--- hostfile.c  4 May 2015 06:10:48 -0000       1.66
+++ hostfile.c  17 Sep 2016 03:15:29 -0000
@@ -120,14 +120,13 @@ host_hash(const char *host, const char *
        u_char salt[256], result[256];
        char uu_salt[512], uu_result[512];
        static char encoded[1024];
-       u_int i, len;
+       u_int len;
 
        len = ssh_digest_bytes(SSH_DIGEST_SHA1);
 
        if (name_from_hostfile == NULL) {
                /* Create new salt */
-               for (i = 0; i < len; i++)
-                       salt[i] = arc4random();
+               arc4random_buf(salt, len);
        } else {
                /* Extract salt from known host entry */
                if (extract_salt(name_from_hostfile, src_len, salt,

Reply via email to