- djm@cvs.openbsd.org 2013/08/22 19:02:21

[sshd.c]
     Stir PRNG after post-accept fork. The child gets a different PRNG state
     anyway via rexec and explicit privsep reseeds, but it's good to be sure.
     ok markus@
This commit is contained in:
Damien Miller 2013-09-14 09:44:37 +10:00
parent ed4af412da
commit 045bda5cb8
2 changed files with 15 additions and 1 deletions


@ -1,3 +1,11 @@
20130914
- (djm) OpenBSD CVS Sync
- djm@cvs.openbsd.org 2013/08/22 19:02:21
[sshd.c]
Stir PRNG after post-accept fork. The child gets a different PRNG state
anyway via rexec and explicit privsep reseeds, but it's good to be sure.
ok markus@
20130828 20130828
- (djm) [openbsd-compat/bsd-snprintf.c] teach our local snprintf code the - (djm) [openbsd-compat/bsd-snprintf.c] teach our local snprintf code the
'j' (intmax_t/uintmax_t) and 'z' (size_t/ssize_t) conversions in case we 'j' (intmax_t/uintmax_t) and 'z' (size_t/ssize_t) conversions in case we

sshd.c

@ -1,4 +1,4 @@
/* $OpenBSD: sshd.c,v 1.404 2013/07/19 07:37:48 markus Exp $ */ /* $OpenBSD: sshd.c,v 1.405 2013/08/22 19:02:21 djm Exp $ */
/* /*
* Author: Tatu Ylonen <ylo@cs.hut.fi> * Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -613,6 +613,7 @@ privsep_preauth_child(void)
arc4random_stir(); arc4random_stir();
arc4random_buf(rnd, sizeof(rnd)); arc4random_buf(rnd, sizeof(rnd));
RAND_seed(rnd, sizeof(rnd)); RAND_seed(rnd, sizeof(rnd));
bzero(rnd, sizeof(rnd));
/* Demote the private keys to public keys. */ /* Demote the private keys to public keys. */
demote_sensitive_data(); demote_sensitive_data();
@ -747,6 +748,7 @@ privsep_postauth(Authctxt *authctxt)
arc4random_stir(); arc4random_stir();
arc4random_buf(rnd, sizeof(rnd)); arc4random_buf(rnd, sizeof(rnd));
RAND_seed(rnd, sizeof(rnd)); RAND_seed(rnd, sizeof(rnd));
bzero(rnd, sizeof(rnd));
/* Drop privileges */ /* Drop privileges */
do_setusercontext(authctxt->pw); do_setusercontext(authctxt->pw);
@ -1139,6 +1141,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
struct sockaddr_storage from; struct sockaddr_storage from;
socklen_t fromlen; socklen_t fromlen;
pid_t pid; pid_t pid;
u_char rnd[256];
/* setup fd set for accept */ /* setup fd set for accept */
fdset = NULL; fdset = NULL;
@ -1339,6 +1342,9 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
* from that of the child * from that of the child
*/ */
arc4random_stir(); arc4random_stir();
arc4random_buf(rnd, sizeof(rnd));
RAND_seed(rnd, sizeof(rnd));
bzero(rnd, sizeof(rnd));
} }
/* child process check (or debug mode) */ /* child process check (or debug mode) */
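Review bot: The `bzero(rnd, sizeof(rnd));` that closes each reseed sequence (in privsep_preauth_child, privsep_postauth and the post-fork parent branch of server_accept_loop) is a dead store as far as the compiler can tell, since `rnd` is not read again before it goes out of scope, so an optimizer may elide it and leave the 256 seed bytes on the stack; `rnd` is visibly a local in server_accept_loop and presumably in the other two functions as well, where its declaration is outside the hunk. A clearing call the compiler cannot remove (`memset_s` or `explicit_bzero` where available, or a wrapper in openbsd-compat that writes through a volatile pointer) would make the wipe reliable, and a short comment such as `/* scrub seed material; must not be optimized away */` would record why a plain memset is not enough. In server_accept_loop the buffer is also declared at function scope but only used after the fork in the parent, so moving `u_char rnd[256];` into that block would keep seed material live for the shortest possible time. All three enclosing functions start and end outside the hunks.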