Source-Changes-HG archive
[src/trunk]: src/crypto/external/bsd/openssh/dist Fix CVE-2011-0539:
details: https://anonhg.NetBSD.org/src/rev/00f7e4232103
branches: trunk
changeset: 761674:00f7e4232103
user: christos <christos%NetBSD.org@localhost>
date: Fri Feb 04 22:11:09 2011 +0000
description:
Fix CVE-2011-0539:
Legacy certificates generated by OpenSSH might contain data
from the stack thus leaking confidential information.
diffstat:
crypto/external/bsd/openssh/dist/key.c | 8 +++-----
1 files changed, 3 insertions(+), 5 deletions(-)
diffs (30 lines):
diff -r 2b2806ed3844 -r 00f7e4232103 crypto/external/bsd/openssh/dist/key.c
--- a/crypto/external/bsd/openssh/dist/key.c Fri Feb 04 22:09:17 2011 +0000
+++ b/crypto/external/bsd/openssh/dist/key.c Fri Feb 04 22:11:09 2011 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: key.c,v 1.4 2010/11/21 18:59:04 adam Exp $ */
+/* $NetBSD: key.c,v 1.5 2011/02/04 22:11:09 christos Exp $ */
/* $OpenBSD: key.c,v 1.90 2010/07/13 23:13:16 djm Exp $ */
/*
* read_bignum():
@@ -36,7 +36,7 @@
*/
#include "includes.h"
-__RCSID("$NetBSD: key.c,v 1.4 2010/11/21 18:59:04 adam Exp $");
+__RCSID("$NetBSD: key.c,v 1.5 2011/02/04 22:11:09 christos Exp $");
#include <sys/param.h>
#include <sys/types.h>
@@ -1514,10 +1514,8 @@
buffer_put_cstring(&k->cert->certblob, key_ssh_name(k));
/* -v01 certs put nonce first */
+ arc4random_buf(&nonce, sizeof(nonce));
if (k->type == KEY_DSA_CERT || k->type == KEY_RSA_CERT) {
- /*arc4random_buf(&nonce, sizeof(nonce));*/
- for (i = 0; i < sizeof(nonce); i += 4)
- *(uint32_t *)&(nonce[i]) = arc4random();
buffer_put_string(&k->cert->certblob, nonce, sizeof(nonce));
}
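Review bot: The added `arc4random_buf(&nonce, sizeof(nonce));` sits between the `/* -v01 certs put nonce first */` comment and the `if` that comment describes, so the comment now appears to document the unconditional fill. Move the call above the comment and give it a comment of its own stating that the nonce is filled for every certificate type. Per the commit message, the legacy format is the case that could otherwise carry uninitialized stack bytes, and nothing in the code says so. Two smaller points: `nonce` is indexed as an array in the removed loop and passed as plain `nonce` to `buffer_put_string()` two lines below, so passing `nonce` rather than `&nonce` would be consistent; and with the loop removed, check whether `i` is still used in this function, since its declaration may now trigger an unused-variable warning.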