On Mon, Sep 19, 2016 at 5:41 AM, Martin Natano <nat...@natano.net> wrote:

> Two more loops that can be converted to arc4random_buf(). Ok?
> [...]
> +               arc4random_buf(x11_fake_data, data_len);
>                 for (i = 0; i < data_len; i++) {

I'd put that below the for loop so it matches the order of the comment
above ("Extract real authentication data and generate fake data of the same
length.").  Or better yet, change the comment and group all of the
operations on x11_fake_data and x11_fake_data_len together.


> +       arc4random_buf(session_key, SSH_SESSION_KEY_LENGTH);

sizeof(session_key) instead please.

with those, ok dtucker@

Darren Tucker (dtucker at zip.com.au)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860  37F4 9357 ECEF 11EA A6FA (new)
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

Reply via email to