diff options
| author | Aris Adamantiadis <aris@0xbadc0de.be> | 2014-02-05 21:24:12 +0100 |
|---|---|---|
| committer | Aris Adamantiadis <aris@0xbadc0de.be> | 2014-03-04 09:54:25 +0100 |
| commit | 48f0bfc70363ca31c8889ca68759e587bc6d7cbd (patch) | |
| tree | 57bc7d4da024be3bfce56749daccb1dd1faabf33 /src/libcrypto.c | |
| parent | 87549f7bb6a570481f377e628001a04175f7d3a5 (diff) | |
| download | libssh-v0-5.tar.gz libssh-v0-5.tar.xz libssh-v0-5.zip | |
security: fix for vulnerability CVE-2014-0017v0-5
When accepting a new connection, a forking server based on libssh forks
and the child process handles the request. The RAND_bytes() function of
openssl doesn't reset its state after the fork, but simply adds the
current process id (getpid) to the PRNG state, which is not guaranteed
to be unique.
This can cause several children to end up with same PRNG state which is
a security issue.
Conflicts:
src/bind.c
Diffstat (limited to 'src/libcrypto.c')
| -rw-r--r-- | src/libcrypto.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/src/libcrypto.c b/src/libcrypto.c index f43a91eb..0932cbea 100644 --- a/src/libcrypto.c +++ b/src/libcrypto.c @@ -23,6 +23,7 @@ #include <stdlib.h> #include <stdio.h> #include <string.h> +#include <sys/time.h> #include "libssh/priv.h" #include "libssh/session.h" @@ -38,6 +39,8 @@ #include <openssl/rsa.h> #include <openssl/hmac.h> #include <openssl/opensslv.h> +#include <openssl/rand.h> + #ifdef HAVE_OPENSSL_AES_H #define HAS_AES #include <openssl/aes.h> @@ -66,6 +69,12 @@ static int alloc_key(struct crypto_struct *cipher) { return 0; } +void ssh_reseed(void){ + struct timeval tv; + gettimeofday(&tv, NULL); + RAND_add(&tv, sizeof(tv), 0.0); +} + SHACTX sha1_init(void) { SHACTX c = malloc(sizeof(*c)); if (c == NULL) { |