From 48f0bfc70363ca31c8889ca68759e587bc6d7cbd Mon Sep 17 00:00:00 2001 From: Aris Adamantiadis Date: Wed, 5 Feb 2014 21:24:12 +0100 Subject: security: fix for vulnerability CVE-2014-0017 When accepting a new connection, a forking server based on libssh forks and the child process handles the request. The RAND_bytes() function of openssl doesn't reset its state after the fork, but simply adds the current process id (getpid) to the PRNG state, which is not guaranteed to be unique. This can cause several children to end up with same PRNG state which is a security issue. Conflicts: src/bind.c --- src/bind.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'src/bind.c') diff --git a/src/bind.c b/src/bind.c index cc79f8eb..cdcdabe1 100644 --- a/src/bind.c +++ b/src/bind.c @@ -374,7 +374,8 @@ int ssh_bind_accept(ssh_bind sshbind, ssh_session session) { ssh_socket_get_poll_handle_out(session->socket); session->dsa_key = dsa; session->rsa_key = rsa; - + /* force PRNG to change state in case we fork after ssh_bind_accept */ + ssh_reseed(); return SSH_OK; } -- cgit