security: fix for vulnerability CVE-2014-0017

When accepting a new connection, a forking server based on libssh forks and the child process handles the request. The RAND_bytes() function of openssl doesn't reset its state after the fork, but simply adds the current process id (getpid) to the PRNG state, which is not guaranteed to be unique. This can cause several children to end up with same PRNG state which is a security issue.
2025-11-29 01:03:57 +03:00 · 2014-02-05 21:24:12 +01:00
parent c96e862c08
commit e99246246b
4 changed files with 15 additions and 0 deletions
--- a/src/bind.c
+++ b/src/bind.c
@@ -458,6 +458,8 @@ int ssh_bind_accept_fd(ssh_bind sshbind, ssh_session session, socket_t fd){
          return SSH_ERROR;
        }
    }
+    /* force PRNG to change state in case we fork after ssh_bind_accept */
+    ssh_reseed();
    return SSH_OK;
 }