- markus@cvs.openbsd.org 2001/02/28 21:21:41

     [sshd.c]
     generate a fake session id, too

diff --git a/ChangeLog b/ChangeLog
index 7ad5f66603caf728417dd7a0c824c21383993562..b6e69185436b290db63ed5e7195e8fff48437ee3 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -82,6 +82,9 @@
    - deraadt@cvs.openbsd.org 2001/02/28 17:52:54
      [misc.c]
      for completeness, copy pw_gecos too
+   - markus@cvs.openbsd.org 2001/02/28 21:21:41
+     [sshd.c]
+     generate a fake session id, too
 
 20010304
  - (bal) Remove make-ssh-known-hosts.1 since it's no longer valid.

diff --git a/sshd.c b/sshd.c
index 2669a935e064296791fd1a3420bfaa14a148e5bb..2f4cfb6f0f6e271d289cd6277f042c47d35a6913 100644 (file)
--- a/sshd.c
+++ b/sshd.c
@@ -40,7 +40,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.169 2001/02/23 18:15:13 markus Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.170 2001/02/28 21:21:41 markus Exp $");
 
 #include <openssl/dh.h>
 #include <openssl/bn.h>
@@ -1397,6 +1397,8 @@ do_ssh1_kex(void)
                MD5_Final(session_key + 16, &md);
                memset(buf, 0, bytes);
                xfree(buf);
+               for (i = 0; i < 16; i++)
+                       session_id[i] = session_key[i] ^ session_key[i + 16];
        }
        /* Destroy the private and public keys.  They will no longer be needed. */
        destroy_sensitive_data();