lib/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2025-08-08 19:02:06 +03:00
Code Activity

security: fix for vulnerability CVE-2014-0017

Browse Source 
When accepting a new connection, a forking server based on libssh forks
and the child process handles the request. The RAND_bytes() function of
openssl doesn't reset its state after the fork, but simply adds the
current process id (getpid) to the PRNG state, which is not guaranteed
to be unique.
This can cause several children to end up with same PRNG state which is
a security issue.
This commit is contained in:
Aris Adamantiadis
2014-02-05 21:24:12 +01:00
parent 6cd94a63ff
commit 3fdd82f2a8
4 changed files with 15 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
src/libgcrypt.c
View File

@@ -45,6 +45,9 @@ static int alloc_key(struct ssh_cipher_struct *cipher) {
return 0;
}
void ssh_reseed(void){
}
SHACTX sha1_init(void) {
SHACTX ctx = NULL;
gcry_md_open(&ctx, GCRY_MD_SHA1, 0);