diff --git a/ChangeLog b/ChangeLog index 71fdc4a66..5c9024fc3 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,10 +1,13 @@ 19991119 - Merged PAM buffer overrun patch from Chip Salzenberg + (off-by-one error - doesn't appear to be easily exploitable) - Merged OpenBSD CVS changes - [auth-rhosts.c auth-rsa.c ssh-agent.c sshconnect.c sshd.c] more %d vs. %s in fmt-strings - [authfd.c] Integers should not be printed with %s + - EGD uses a socket, not a named pipe. Duh. + - Fix includes in fingerprint.c 19991118 - Merged OpenBSD CVS changes diff --git a/fingerprint.c b/fingerprint.c index c319fa230..9a9b63583 100644 --- a/fingerprint.c +++ b/fingerprint.c @@ -1,9 +1,15 @@ #include "includes.h" -RCSID("$Id: fingerprint.c,v 1.1 1999/11/16 22:49:28 markus Exp $"); +RCSID("$Id: fingerprint.c,v 1.1 1999/11/17 06:29:08 damien Exp $"); #include "ssh.h" #include "xmalloc.h" + +#ifdef HAVE_OPENSSL +#include +#endif +#ifdef HAVE_SSL #include +#endif #define FPRINT "%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x" diff --git a/helper.c b/helper.c index 6d77759de..efb7a4631 100644 --- a/helper.c +++ b/helper.c @@ -41,6 +41,8 @@ #include #include +#include +#include #include #include "rc4.h" @@ -49,6 +51,10 @@ #include "config.h" #include "helper.h" +#ifndef offsetof +#define offsetof(type, member) ((size_t) &((type *)0)->member) +#endif + #ifndef HAVE_ARC4RANDOM void get_random_bytes(unsigned char *buf, int len); @@ -80,17 +86,33 @@ void arc4random_stir(void) void get_random_bytes(unsigned char *buf, int len) { - int random_pool; + static int random_pool; int c; #ifdef HAVE_EGD char egd_message[2] = { 0x02, 0x00 }; -#endif /* HAVE_EGD */ + struct sockaddr_un addr; + int addr_len; + + memset(&addr, '\0', sizeof(addr)); + addr.sun_family = AF_UNIX; + + /* FIXME: compile time check? */ + if (sizeof(RANDOM_POOL) > sizeof(addr.sun_path)) + fatal("Random pool path is too long"); + + strncpy(addr.sun_path, RANDOM_POOL, sizeof(addr.sun_path - 1)); + addr.sun_path[sizeof(addr.sun_path - 1)] = '\0'; + + addr_len = offsetof(struct sockaddr_un, sun_path) + sizeof(RANDOM_POOL); + + random_pool = socket(AF_UNIX, SOCK_STREAM, 0); - random_pool = open(RANDOM_POOL, O_RDONLY); if (random_pool == -1) - fatal("Couldn't open random pool \"%s\": %s", RANDOM_POOL, strerror(errno)); + fatal("Couldn't create AF_UNIX socket: %s", strerror(errno)); -#ifdef HAVE_EGD + if (connect(random_pool, (struct sockaddr*)&addr, addr_len) == -1) + fatal("Couldn't connect to EGD socket \"%s\": %s", RANDOM_POOL, strerror(errno)); + if (len > 255) fatal("Too many bytes to read from EGD"); @@ -99,6 +121,13 @@ void get_random_bytes(unsigned char *buf, int len) c = write(random_pool, egd_message, sizeof(egd_message)); if (c == -1) fatal("Couldn't write to EGD socket \"%s\": %s", RANDOM_POOL, strerror(errno)); + +#else /* HAVE_EGD */ + + random_pool = open(RANDOM_POOL, O_RDONLY); + if (random_pool == -1) + fatal("Couldn't open random pool \"%s\": %s", RANDOM_POOL, strerror(errno)); + #endif /* HAVE_EGD */ c = read(random_pool, buf, len);