- EGD uses a socket, not a named pipe. Duh.
- Fix includes in fingerprint.c
diff --git a/ChangeLog b/ChangeLog
index 71fdc4a..5c9024f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,10 +1,13 @@
19991119
- Merged PAM buffer overrun patch from Chip Salzenberg <chip@valinux.com>
+ (off-by-one error - doesn't appear to be easily exploitable)
- Merged OpenBSD CVS changes
- [auth-rhosts.c auth-rsa.c ssh-agent.c sshconnect.c sshd.c]
more %d vs. %s in fmt-strings
- [authfd.c]
Integers should not be printed with %s
+ - EGD uses a socket, not a named pipe. Duh.
+ - Fix includes in fingerprint.c
19991118
- Merged OpenBSD CVS changes
diff --git a/fingerprint.c b/fingerprint.c
index c319fa2..9a9b635 100644
--- a/fingerprint.c
+++ b/fingerprint.c
@@ -1,9 +1,15 @@
#include "includes.h"
-RCSID("$Id: fingerprint.c,v 1.1 1999/11/16 22:49:28 markus Exp $");
+RCSID("$Id: fingerprint.c,v 1.1 1999/11/17 06:29:08 damien Exp $");
#include "ssh.h"
#include "xmalloc.h"
+
+#ifdef HAVE_OPENSSL
+#include <openssl/md5.h>
+#endif
+#ifdef HAVE_SSL
#include <ssl/md5.h>
+#endif
#define FPRINT "%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x"
diff --git a/helper.c b/helper.c
index 6d77759..efb7a46 100644
--- a/helper.c
+++ b/helper.c
@@ -41,6 +41,8 @@
#include <sys/types.h>
#include <sys/stat.h>
+#include <sys/socket.h>
+#include <sys/un.h>
#include <fcntl.h>
#include "rc4.h"
@@ -49,6 +51,10 @@
#include "config.h"
#include "helper.h"
+#ifndef offsetof
+#define offsetof(type, member) ((size_t) &((type *)0)->member)
+#endif
+
#ifndef HAVE_ARC4RANDOM
void get_random_bytes(unsigned char *buf, int len);
@@ -80,17 +86,33 @@
void get_random_bytes(unsigned char *buf, int len)
{
- int random_pool;
+ static int random_pool;
int c;
#ifdef HAVE_EGD
char egd_message[2] = { 0x02, 0x00 };
-#endif /* HAVE_EGD */
+ struct sockaddr_un addr;
+ int addr_len;
+
+ memset(&addr, '\0', sizeof(addr));
+ addr.sun_family = AF_UNIX;
- random_pool = open(RANDOM_POOL, O_RDONLY);
+ /* FIXME: compile time check? */
+ if (sizeof(RANDOM_POOL) > sizeof(addr.sun_path))
+ fatal("Random pool path is too long");
+
+ strncpy(addr.sun_path, RANDOM_POOL, sizeof(addr.sun_path - 1));
+ addr.sun_path[sizeof(addr.sun_path - 1)] = '\0';
+
+ addr_len = offsetof(struct sockaddr_un, sun_path) + sizeof(RANDOM_POOL);
+
+ random_pool = socket(AF_UNIX, SOCK_STREAM, 0);
+
if (random_pool == -1)
- fatal("Couldn't open random pool \"%s\": %s", RANDOM_POOL, strerror(errno));
+ fatal("Couldn't create AF_UNIX socket: %s", strerror(errno));
-#ifdef HAVE_EGD
+ if (connect(random_pool, (struct sockaddr*)&addr, addr_len) == -1)
+ fatal("Couldn't connect to EGD socket \"%s\": %s", RANDOM_POOL, strerror(errno));
+
if (len > 255)
fatal("Too many bytes to read from EGD");
@@ -99,6 +121,13 @@
c = write(random_pool, egd_message, sizeof(egd_message));
if (c == -1)
fatal("Couldn't write to EGD socket \"%s\": %s", RANDOM_POOL, strerror(errno));
+
+#else /* HAVE_EGD */
+
+ random_pool = open(RANDOM_POOL, O_RDONLY);
+ if (random_pool == -1)
+ fatal("Couldn't open random pool \"%s\": %s", RANDOM_POOL, strerror(errno));
+
#endif /* HAVE_EGD */
c = read(random_pool, buf, len);