security: fix for vulnerability CVE-2014-0017v0-5

When accepting a new connection, a forking server based on libssh forks and the child process handles the request. The RAND_bytes() function of openssl doesn't reset its state after the fork, but simply adds the current process id (getpid) to the PRNG state, which is not guaranteed to be unique. This can cause several children to end up with same PRNG state which is a security issue. Conflicts: src/bind.c
author: Aris Adamantiadis <aris@0xbadc0de.be> 2014-02-05 21:24:12 +0100
committer: Aris Adamantiadis <aris@0xbadc0de.be> 2014-03-04 09:54:25 +0100
commit: 48f0bfc70363ca31c8889ca68759e587bc6d7cbd (patch)
tree: 57bc7d4da024be3bfce56749daccb1dd1faabf33 /src/libgcrypt.c
parent: 87549f7bb6a570481f377e628001a04175f7d3a5 (diff)
download: libssh-v0-5.tar.gz
libssh-v0-5.tar.xz
libssh-v0-5.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/src/libgcrypt.c b/src/libgcrypt.c
index f8fe96f2..9a7ea431 100644
--- a/src/libgcrypt.c
+++ b/src/libgcrypt.c
@@ -41,6 +41,9 @@ static int alloc_key(struct crypto_struct *cipher) {
     return 0;
 }
 
+void ssh_reseed(void){
+	}
+
 SHACTX sha1_init(void) {
   SHACTX ctx = NULL;
   gcry_md_open(&ctx, GCRY_MD_SHA1, 0);
author	Aris Adamantiadis <aris@0xbadc0de.be>	2014-02-05 21:24:12 +0100
committer	Aris Adamantiadis <aris@0xbadc0de.be>	2014-03-04 09:54:25 +0100
commit	48f0bfc70363ca31c8889ca68759e587bc6d7cbd (patch)
tree	57bc7d4da024be3bfce56749daccb1dd1faabf33 /src/libgcrypt.c
parent	87549f7bb6a570481f377e628001a04175f7d3a5 (diff)
download	libssh-v0-5.tar.gz libssh-v0-5.tar.xz libssh-v0-5.zip