From a496f5831278c7e724d02de45f6cc6eba115b95c Mon Sep 17 00:00:00 2001 From: Andre Noll Date: Thu, 22 Aug 2013 23:13:37 +0200 Subject: [PATCH] crypt: Add workaround for non-fork-safe PRGs. Some PRNGs implementations suffer from the problem that after a fork() the PRNG state of parent and child process differ only by the child pid which is mixed into the state. Certain versions of openssl are known to contain this flaw. On such implementations two command handlers will generate the same challenge and session keys if their pid is identical. This may happen due to pid wrapping. This patch works around this shortcoming by reading some pseudo random bytes in the parent process after each fork(). --- server.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/server.c b/server.c index 36af088e..70d9137e 100644 --- a/server.c +++ b/server.c @@ -388,6 +388,9 @@ static int command_post_select(struct sched *s, struct task *t) goto out; } if (child_pid) { + /* avoid problems with non-fork-safe PRNGs */ + unsigned char buf[16]; + get_random_bytes_or_die(buf, sizeof(buf)); close(new_fd); /* parent keeps accepting connections */ return 0; -- 2.30.2
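Review bot: The workaround in the `if (child_pid)` branch only helps if `get_random_bytes_or_die()` draws from the same PRNG instance that the command handlers later use for challenges and session keys; if it reads from a different source (e.g. the kernel directly), the parent's PRNG state is not advanced and two children with the same pid still start from identical states. The comment should spell out that dependency, e.g. `/* advance the shared PRNG state so the next child does not inherit the same state */`, and should also note that `buf` is intentionally discarded, since an unused 16-byte buffer whose only purpose is the side effect of the call is an easy target for a later "cleanup" that would silently reintroduce the problem. It is also worth stating in the commit message that this mitigates the pid-wrapping case described there but does not make the child's PRNG independent of the parent; reseeding the child's PRNG with fresh entropy after fork() would be the more robust complement, and leaving a note to that effect helps whoever revisits this when the OpenSSL flaw is fixed upstream.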