security: fix for vulnerability CVE-2014-0017

When accepting a new connection, a forking server based on libssh forks and the child process handles the request. The RAND_bytes() function of openssl doesn't reset its state after the fork, but simply adds the current process id (getpid) to the PRNG state, which is not guaranteed to be unique. This can cause several children to end up with same PRNG state which is a security issue.
author: Aris Adamantiadis <aris@0xbadc0de.be> 2014-02-05 21:24:12 +0100
committer: Aris Adamantiadis <aris@0xbadc0de.be> 2014-03-04 09:55:28 +0100
commit: e99246246b4061f7e71463f8806b9dcad65affa0 (patch)
tree: 3275b977bbb6e88f34a554ec02d7bbe4c4ccbbd8 /include
parent: c96e862c0821d4bb0aa2df676c7a8b212cd885b2 (diff)
download: libssh-e99246246b4061f7e71463f8806b9dcad65affa0.tar.gz
libssh-e99246246b4061f7e71463f8806b9dcad65affa0.tar.xz
libssh-e99246246b4061f7e71463f8806b9dcad65affa0.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/include/libssh/wrapper.h b/include/libssh/wrapper.h
index 7374a88a..e8ff32c1 100644
--- a/include/libssh/wrapper.h
+++ b/include/libssh/wrapper.h
@@ -70,5 +70,6 @@ int crypt_set_algorithms_server(ssh_session session);
 struct ssh_crypto_struct *crypto_new(void);
 void crypto_free(struct ssh_crypto_struct *crypto);
 
+void ssh_reseed(void);
 
 #endif /* WRAPPER_H_ */
author	Aris Adamantiadis <aris@0xbadc0de.be>	2014-02-05 21:24:12 +0100
committer	Aris Adamantiadis <aris@0xbadc0de.be>	2014-03-04 09:55:28 +0100
commit	e99246246b4061f7e71463f8806b9dcad65affa0 (patch)
tree	3275b977bbb6e88f34a554ec02d7bbe4c4ccbbd8 /include
parent	c96e862c0821d4bb0aa2df676c7a8b212cd885b2 (diff)
download	libssh-e99246246b4061f7e71463f8806b9dcad65affa0.tar.gz libssh-e99246246b4061f7e71463f8806b9dcad65affa0.tar.xz libssh-e99246246b4061f7e71463f8806b9dcad65affa0.zip