author | Damien Miller <djm@mindrot.org> | 2013-09-14 09:44:37 +1000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2013-09-14 09:44:37 +1000 |
commit | 045bda5cb8acf0eb9d71c275ee1247e3154fc9e5 (patch) | |
tree | 3c7d3b0628251c3237ab33f7095275d0c2244eb0 /sshd.c | |
parent | ed4af412da60a084891b20412433a27966613fb8 (diff) | |
- djm@cvs.openbsd.org 2013/08/22 19:02:21
[sshd.c]
Stir PRNG after post-accept fork. The child gets a different PRNG state
anyway via rexec and explicit privsep reseeds, but it's good to be sure.
ok markus@
Diffstat (limited to 'sshd.c')
-rw-r--r-- | sshd.c | 8 |
1 files changed, 7 insertions, 1 deletions
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.404 2013/07/19 07:37:48 markus Exp $ */
+/* $OpenBSD: sshd.c,v 1.405 2013/08/22 19:02:21 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -613,6 +613,7 @@ privsep_preauth_child(void)
 arc4random_stir();
 arc4random_buf(rnd, sizeof(rnd));
 RAND_seed(rnd, sizeof(rnd));
+ bzero(rnd, sizeof(rnd));
 /* Demote the private keys to public keys. */
 demote_sensitive_data();
@@ -747,6 +748,7 @@ privsep_postauth(Authctxt *authctxt)
 arc4random_stir();
 arc4random_buf(rnd, sizeof(rnd));
 RAND_seed(rnd, sizeof(rnd));
+ bzero(rnd, sizeof(rnd));
 /* Drop privileges */
 do_setusercontext(authctxt->pw);
@@ -1139,6 +1141,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
 struct sockaddr_storage from;
 socklen_t fromlen;
 pid_t pid;
+ u_char rnd[256];
 /* setup fd set for accept */
 fdset = NULL;
@@ -1339,6 +1342,9 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
 * from that of the child
 */
 arc4random_stir();
+ arc4random_buf(rnd, sizeof(rnd));
+ RAND_seed(rnd, sizeof(rnd));
+ bzero(rnd, sizeof(rnd));
 }
 /* child process check (or debug mode) */ |
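Review bot: The `bzero(rnd, sizeof(rnd));` added in privsep_preauth_child is a dead store if rnd is not read again afterwards, so an optimizing compiler may drop it and leave the seed bytes on the stack. The same line is added in privsep_postauth and in the post-fork path of server_accept_loop. A wipe the compiler has to keep, for example `explicit_bzero(rnd, sizeof(rnd));` where the platform or the compat layer provides it, would make the intent hold; whether this tree has such a helper is not visible here. All three function bodies continue outside their hunks, so later uses of rnd cannot be ruled out from the diff alone.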
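Review bot: With the lines added after `arc4random_stir();` in server_accept_loop, the same stir / fill / seed / wipe sequence now appears in three functions, each with its own rnd buffer, so a later change to the reseed logic has to be made three times. A single static helper with a local buffer would keep the three sites identical and would remove the need for the `u_char rnd[256];` declared at the top of server_accept_loop. The buffer size used in privsep_preauth_child and privsep_postauth is not visible in the hunks, so confirm it matches before switching those callers.

```c
/* Reseed both PRNGs and wipe the temporary seed buffer. */
static void
reseed_prngs(void)
{
	u_char rnd[256];

	arc4random_stir();
	arc4random_buf(rnd, sizeof(rnd));
	RAND_seed(rnd, sizeof(rnd));
	bzero(rnd, sizeof(rnd));
}

/* … unchanged: server_accept_loop up to the parent-side reseed after fork … */
				reseed_prngs();
```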