Fill fields in legacy certificates with random data (#784641)
This commit is contained in:
parent
9e4020a205
commit
10e85cd595
|
@ -0,0 +1,14 @@
|
|||
diff --git a/key.c b/key.c
|
||||
index 57ad9fd..5886d44 100644
|
||||
--- a/key.c
|
||||
+++ b/key.c
|
||||
@@ -1517,8 +1517,8 @@ key_certify(Key *k, Key *ca)
|
||||
buffer_put_cstring(&k->cert->certblob, key_ssh_name(k));
|
||||
|
||||
/* -v01 certs put nonce first */
|
||||
+ arc4random_buf(&nonce, sizeof(nonce));
|
||||
if (k->type == KEY_DSA_CERT || k->type == KEY_RSA_CERT) {
|
||||
- arc4random_buf(&nonce, sizeof(nonce));
|
||||
buffer_put_string(&k->cert->certblob, nonce, sizeof(nonce));
|
||||
}
|
||||
|
|
@ -143,6 +143,8 @@ Patch81: openssh-5.6p1-clientloop.patch
|
|||
Patch82:openssh-5.6p1-getaddrinfo.patch
|
||||
#https://bugzilla.mindrot.org/show_bug.cgi?id=1838
|
||||
Patch83:openssh-5.6p1-linux-oomkiller.patch
|
||||
#https://bugzilla.redhat.com//show_bug.cgi?id=784641
|
||||
Patch84:openssh-5.6p1-legacy-certificate.patch
|
||||
|
||||
License: BSD
|
||||
Group: Applications/Internet
|
||||
|
@ -328,6 +330,7 @@ popd
|
|||
%patch81 -p1 -b .clientloop
|
||||
%patch82 -p1 -b .getaddrinfo
|
||||
%patch83 -p0 -b .oomkiller
|
||||
%patch84 -p1 -b .legacy
|
||||
|
||||
autoreconf
|
||||
pushd pam_ssh_agent_auth-%{pam_ssh_agent_ver}
|
||||
|
|
Loading…
Reference in New Issue