- djm@cvs.openbsd.org 2011/02/04 00:44:21

     [key.c]
     fix uninitialised nonce variable; reported by Mateusz Kocielski

diff --git a/ChangeLog b/ChangeLog
index ddc4a6318eaf07230e92938a060b35a72fbc68e0..28298d59e1d5ab91bb922b678daa10b74b19449b 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -3,6 +3,9 @@
    - djm@cvs.openbsd.org 2011/01/31 21:42:15
      [PROTOCOL.mux]
      cut'n'pasto; from bert.wesarg AT googlemail.com
+   - djm@cvs.openbsd.org 2011/02/04 00:44:21
+     [key.c]
+     fix uninitialised nonce variable; reported by Mateusz Kocielski
 
 20110128
  - (djm) [openbsd-compat/port-linux.c] Check whether SELinux is enabled

diff --git a/key.c b/key.c
index 1defb1132e82f949578173ca64112ec214236692..e3a305e66eae0f05cb6356e6236b487f9af3efdc 100644 (file)
--- a/key.c
+++ b/key.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: key.c,v 1.95 2010/11/10 01:33:07 djm Exp $ */
+/* $OpenBSD: key.c,v 1.96 2011/02/04 00:44:21 djm Exp $ */
 /*
  * read_bignum():
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1886,10 +1886,9 @@ key_certify(Key *k, Key *ca)
        buffer_put_cstring(&k->cert->certblob, key_ssh_name(k));
 
        /* -v01 certs put nonce first */
-       if (!key_cert_is_legacy(k)) {
-               arc4random_buf(&nonce, sizeof(nonce));
+       arc4random_buf(&nonce, sizeof(nonce));
+       if (!key_cert_is_legacy(k))
                buffer_put_string(&k->cert->certblob, nonce, sizeof(nonce));
-       }
 
        switch (k->type) {
        case KEY_DSA_CERT_V00: