- OpenBSD CVS updates.

[ssh.1 ssh.c] - ssh -2 [auth.c channels.c clientloop.c packet.c packet.h serverloop.c] [session.c sshconnect.c] - check payload for (illegal) extra data [ALL] - whitespace cleanup
2025-07-30 01:05:14 +02:00 · 2000-04-16 11:18:38 +10:00 · 2000-04-16 11:18:38 +10:00 · 4af51306d9
commit 4af51306d9
parent 5d1705ecf9
67 changed files with 779 additions and 646 deletions
--- a/10
+++ b/10
@ -1,3 +1,13 @@
+20000415
+ - OpenBSD CVS updates.
+   [ssh.1 ssh.c]
+   - ssh -2
+   [auth.c channels.c clientloop.c packet.c packet.h serverloop.c]
+   [session.c sshconnect.c]
+   - check payload for (illegal) extra data
+   [ALL]
+   whitespace cleanup
+
 20000413
 - INSTALL doc updates
 - Merged OpenBSD updates to include paths.
--- a/auth-passwd.c
+++ b/auth-passwd.c
@ -11,7 +11,7 @@

 #ifndef USE_PAM

-RCSID("$Id: auth-passwd.c,v 1.16 2000/01/22 23:32:03 damien Exp $");
+RCSID("$Id: auth-passwd.c,v 1.17 2000/04/16 01:18:39 damien Exp $");

 #include "packet.h"
 #include "ssh.h"
--- a/auth-rh-rsa.c
+++ b/auth-rh-rsa.c
@ -15,7 +15,7 @@
 */

 #include "includes.h"
-RCSID("$Id: auth-rh-rsa.c,v 1.9 2000/04/13 02:26:35 damien Exp $");
+RCSID("$Id: auth-rh-rsa.c,v 1.10 2000/04/16 01:18:39 damien Exp $");

 #ifdef HAVE_OPENSSL
 #include <openssl/bn.h>
--- a/auth-rhosts.c
+++ b/auth-rhosts.c
@ -16,7 +16,7 @@
 */

 #include "includes.h"
-RCSID("$Id: auth-rhosts.c,v 1.7 1999/12/27 12:54:55 damien Exp $");
+RCSID("$Id: auth-rhosts.c,v 1.8 2000/04/16 01:18:39 damien Exp $");

 #include "packet.h"
 #include "ssh.h"
--- a/auth-rsa.c
+++ b/auth-rsa.c
@ -16,7 +16,7 @@
 */

 #include "includes.h"
-RCSID("$Id: auth-rsa.c,v 1.15 2000/04/13 02:26:35 damien Exp $");
+RCSID("$Id: auth-rsa.c,v 1.16 2000/04/16 01:18:39 damien Exp $");

 #include "rsa.h"
 #include "packet.h"
--- a/auth-skey.c
+++ b/auth-skey.c
@ -1,7 +1,7 @@
 #include "includes.h"

 #ifdef SKEY
-RCSID("$Id: auth-skey.c,v 1.5 1999/12/06 19:04:57 deraadt Exp $");
+RCSID("$Id: auth-skey.c,v 1.6 2000/04/14 10:30:29 markus Exp $");

 #include "ssh.h"
 #include "packet.h"
--- a/auth.c
+++ b/auth.c
@ -5,7 +5,7 @@
 */

 #include "includes.h"
-RCSID("$OpenBSD: auth.c,v 1.2 2000/04/06 08:55:22 markus Exp $");
+RCSID("$OpenBSD: auth.c,v 1.4 2000/04/14 10:30:29 markus Exp $");

 #include "xmalloc.h"
 #include "rsa.h"
@ -685,6 +685,7 @@ input_service_request(int type, int plen)
 	unsigned int len;
 	int accept = 0;
 	char *service = packet_get_string(&len);
+	packet_done();

 	if (strcmp(service, "ssh-userauth") == 0) {
 		if (!userauth_success) {
@ -727,6 +728,7 @@ input_userauth_request(int type, int plen)
 	pw = auth_set_user(user, service);
 	if (pw && strcmp(service, "ssh-connection")==0) {
 		if (strcmp(method, "none") == 0 && try == 1) {
+			packet_done();
 #ifdef USE_PAM
 			/* Do PAM auth with password */
 			authenticated = auth_pam_password(pw, "");
@ -740,6 +742,7 @@ input_userauth_request(int type, int plen)
 			if (c)
 				debug("password change not supported");
 			password = packet_get_string(&len);
+			packet_done();
 #ifdef USE_PAM
 			/* Do PAM auth with password */
 			authenticated = auth_pam_password(pw, password);
@ -751,11 +754,19 @@ input_userauth_request(int type, int plen)
 			xfree(password);
 		} else if (strcmp(method, "publickey") == 0) {
 			/* XXX TODO */
-			char *pkalg;
-			char *pkblob;
-			c = packet_get_char();
+			char *pkalg, *pkblob, *sig;
+			int have_sig = packet_get_char();
 			pkalg = packet_get_string(&len);
 			pkblob = packet_get_string(&len);
+			if (have_sig) {
+				sig = packet_get_string(&len);
+				/* test for correct signature */
+				packet_done();
+				xfree(sig);
+			} else {
+				packet_done();
+				/* test whether pkalg/pkblob are acceptable */
+			}
 			xfree(pkalg);
 			xfree(pkblob);
 		}
@ -764,7 +775,6 @@ input_userauth_request(int type, int plen)
 	if (authenticated) {
 		/* turn off userauth */
 		dispatch_set(SSH2_MSG_USERAUTH_REQUEST, &protocol_error);
-		/* success! */
 		packet_start(SSH2_MSG_USERAUTH_SUCCESS);
 		packet_send();
 		packet_write_wait();
--- a/authfd.c
+++ b/authfd.c
@ -14,7 +14,7 @@
 */

 #include "includes.h"
-RCSID("$Id: authfd.c,v 1.11 2000/04/13 02:26:35 damien Exp $");
+RCSID("$Id: authfd.c,v 1.12 2000/04/16 01:18:40 damien Exp $");

 #include "ssh.h"
 #include "rsa.h"
--- a/authfd.h
+++ b/authfd.h
@ -13,7 +13,7 @@
 *
 */

-/* RCSID("$Id: authfd.h,v 1.4 1999/11/25 00:54:58 damien Exp $"); */
+/* RCSID("$Id: authfd.h,v 1.5 2000/04/16 01:18:40 damien Exp $"); */

 #ifndef AUTHFD_H
 #define AUTHFD_H
--- a/authfile.c
+++ b/authfile.c
@ -15,7 +15,7 @@
 */

 #include "includes.h"
-RCSID("$Id: authfile.c,v 1.9 2000/04/13 02:26:36 damien Exp $");
+RCSID("$Id: authfile.c,v 1.10 2000/04/16 01:18:40 damien Exp $");

 #ifdef HAVE_OPENSSL
 #include <openssl/bn.h>
--- a/bufaux.c
+++ b/bufaux.c
@ -17,7 +17,7 @@
 */

 #include "includes.h"
-RCSID("$Id: bufaux.c,v 1.10 2000/04/13 02:26:36 damien Exp $");
+RCSID("$Id: bufaux.c,v 1.11 2000/04/16 01:18:40 damien Exp $");

 #include "ssh.h"

--- a/bufaux.h
+++ b/bufaux.h
@ -11,7 +11,7 @@
 *
 */

-/* RCSID("$Id: bufaux.h,v 1.4 2000/04/01 01:09:23 damien Exp $"); */
+/* RCSID("$Id: bufaux.h,v 1.5 2000/04/16 01:18:40 damien Exp $"); */

 #ifndef BUFAUX_H
 #define BUFAUX_H
--- a/buffer.c
+++ b/buffer.c
@ -14,7 +14,7 @@
 */

 #include "includes.h"
-RCSID("$Id: buffer.c,v 1.4 2000/04/13 02:26:36 damien Exp $");
+RCSID("$Id: buffer.c,v 1.5 2000/04/16 01:18:40 damien Exp $");

 #include "xmalloc.h"
 #include "buffer.h"
--- a/canohost.c
+++ b/canohost.c
@ -14,7 +14,7 @@
 */

 #include "includes.h"
-RCSID("$Id: canohost.c,v 1.8 2000/03/11 09:45:41 damien Exp $");
+RCSID("$Id: canohost.c,v 1.9 2000/04/16 01:18:40 damien Exp $");

 #include "packet.h"
 #include "xmalloc.h"
--- a/channels.c
+++ b/channels.c
@ -17,7 +17,7 @@
 */

 #include "includes.h"
-RCSID("$Id: channels.c,v 1.24 2000/04/12 10:17:38 damien Exp $");
+RCSID("$Id: channels.c,v 1.25 2000/04/16 01:18:41 damien Exp $");

 #include "ssh.h"
 #include "packet.h"
@ -540,8 +540,10 @@ channel_post_port_listener(Channel *c, fd_set * readset, fd_set * writeset)
 			packet_put_int(newch);
 			packet_put_int(c->local_window_max);
 			packet_put_int(c->local_maxpacket);
+			/* target host and port */
 			packet_put_string(c->path, strlen(c->path));
 			packet_put_int(c->host_port);
+			/* originator host and port */
 			packet_put_cstring(remote_hostname);
 			packet_put_int(remote_port);
 			packet_send();
@ -934,6 +936,7 @@ channel_input_data(int type, int plen)

 	/* Get the data. */
 	data = packet_get_string(&data_len);
+	packet_done();

 	if (compat20){
 		if (data_len > c->local_maxpacket) {
@ -980,6 +983,7 @@ channel_input_extended_data(int type, int plen)
 		return;
 	}
 	data = packet_get_string(&data_len);
+	packet_done();
 	if (data_len > c->local_window) {
 		log("channel %d: rcvd too much extended_data %d, win %d",
 		    c->self, data_len, c->local_window);
@ -1093,6 +1097,7 @@ channel_input_close_confirmation(int type, int plen)
 	int id = packet_get_int();
 	Channel *c = channel_lookup(id);

+	packet_done();
 	if (c == NULL)
 		packet_disconnect("Received close confirmation for "
 		    "out-of-range channel %d.", id);
@ -1125,6 +1130,7 @@ channel_input_open_confirmation(int type, int plen)
 	if (compat20) {
 		c->remote_window = packet_get_int();
 		c->remote_maxpacket = packet_get_int();
+		packet_done();
 		if (c->cb_fn != NULL && c->cb_event == type) {
 			debug("callback start");
 			c->cb_fn(c->self, c->cb_arg);
@ -1153,8 +1159,11 @@ channel_input_open_failure(int type, int plen)
 	if (compat20) {
 		int reason = packet_get_int();
 		char *msg  = packet_get_string(NULL);
+		char *lang  = packet_get_string(NULL);
 		log("channel_open_failure: %d: reason %d: %s", id, reason, msg);
+		packet_done();
 		xfree(msg);
+		xfree(lang);
 	}
 	/* Free the channel.  This will also close the socket. */
 	channel_free(id);
@ -1204,6 +1213,7 @@ channel_input_window_adjust(int type, int plen)
 		return;
 	}
 	adjust = packet_get_int();
+	packet_done();
 	debug("channel %d: rcvd adjust %d", id, adjust);
 	c->remote_window += adjust;
 }
--- a/channels.h
+++ b/channels.h
@ -1,4 +1,4 @@
-/* RCSID("$Id: channels.h,v 1.6 2000/04/04 04:39:01 damien Exp $"); */
+/* RCSID("$Id: channels.h,v 1.7 2000/04/16 01:18:41 damien Exp $"); */

 #ifndef CHANNELS_H
 #define CHANNELS_H
--- a/cipher.c
+++ b/cipher.c
@ -12,7 +12,7 @@
 */

 #include "includes.h"
-RCSID("$Id: cipher.c,v 1.18 2000/04/13 02:26:36 damien Exp $");
+RCSID("$Id: cipher.c,v 1.19 2000/04/16 01:18:41 damien Exp $");

 #include "ssh.h"
 #include "cipher.h"
--- a/cipher.h
+++ b/cipher.h
@ -11,7 +11,7 @@
 *
 */

-/* RCSID("$Id: cipher.h,v 1.10 2000/04/13 02:26:36 damien Exp $"); */
+/* RCSID("$Id: cipher.h,v 1.11 2000/04/16 01:18:41 damien Exp $"); */

 #ifndef CIPHER_H
 #define CIPHER_H
--- a/clientloop.c
+++ b/clientloop.c
@ -16,7 +16,7 @@
 */

 #include "includes.h"
-RCSID("$Id: clientloop.c,v 1.10 2000/04/12 10:17:39 damien Exp $");
+RCSID("$Id: clientloop.c,v 1.11 2000/04/16 01:18:41 damien Exp $");

 #include "xmalloc.h"
 #include "ssh.h"
@ -1027,6 +1027,7 @@ client_input_channel_req(int id, void *arg)
 	} else if (strcmp(rtype, "exit-status") == 0) {
 		success = 1;
 		exit_status = packet_get_int();
+		packet_done();
 	}
 	if (reply) {
 		packet_start(success ?
--- a/compat.c
+++ b/compat.c
@ -28,7 +28,7 @@
 */

 #include "includes.h"
-RCSID("$Id: compat.c,v 1.7 2000/04/12 10:17:39 damien Exp $");
+RCSID("$Id: compat.c,v 1.8 2000/04/16 01:18:42 damien Exp $");

 #include "ssh.h"
 #include "packet.h"
--- a/compress.c
+++ b/compress.c
@ -14,7 +14,7 @@
 */

 #include "includes.h"
-RCSID("$Id: compress.c,v 1.5 2000/04/01 01:09:24 damien Exp $");
+RCSID("$Id: compress.c,v 1.6 2000/04/16 01:18:42 damien Exp $");

 #include "ssh.h"
 #include "buffer.h"
--- a/compress.h
+++ b/compress.h
@ -13,7 +13,7 @@
 *
 */

-/* RCSID("$Id: compress.h,v 1.3 1999/11/25 00:54:59 damien Exp $"); */
+/* RCSID("$Id: compress.h,v 1.4 2000/04/16 01:18:42 damien Exp $"); */

 #ifndef COMPRESS_H
 #define COMPRESS_H
--- a/crc32.h
+++ b/crc32.h
@ -13,7 +13,7 @@
 *
 */

-/* RCSID("$Id: crc32.h,v 1.3 1999/11/25 00:54:59 damien Exp $"); */
+/* RCSID("$Id: crc32.h,v 1.4 2000/04/16 01:18:42 damien Exp $"); */

 #ifndef CRC32_H
 #define CRC32_H
--- a/dispatch.c
+++ b/dispatch.c
@ -0,0 +1,78 @@
+/*
+ * Copyright (c) 2000 Markus Friedl.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *      This product includes software developed by Markus Friedl.
+ * 4. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "includes.h"
+RCSID("$Id: dispatch.c,v 1.3 2000/04/16 01:18:42 damien Exp $");
+#include "ssh.h"
+#include "dispatch.h"
+#include "packet.h"
+
+#define DISPATCH_MIN	0
+#define DISPATCH_MAX	255
+
+dispatch_fn *dispatch[DISPATCH_MAX];
+
+void
+dispatch_protocol_error(int type, int plen)
+{
+	error("Hm, dispatch protocol error: type %d plen %d", type, plen);
+}
+void
+dispatch_init(dispatch_fn *dflt)
+{
+	int i;
+	for (i = 0; i < DISPATCH_MAX; i++)
+		dispatch[i] = dflt;
+}
+void
+dispatch_set(int type, dispatch_fn *fn)
+{
+	dispatch[type] = fn;
+}
+void
+dispatch_run(int mode, int *done)
+{
+	for (;;) {
+		int plen;
+		int type;
+
+		if (mode == DISPATCH_BLOCK) {
+			type = packet_read(&plen);
+		} else {
+			type = packet_read_poll(&plen);
+			if (type == SSH_MSG_NONE)
+				return;
+		}
+		if (type > 0 && type < DISPATCH_MAX && dispatch[type] != NULL)
+			(*dispatch[type])(type, plen);
+		else
+			packet_disconnect("protocol error: rcvd type %d", type);	
+		if (done != NULL && *done)
+			return;
+	}
+}
--- a/dsa.c
+++ b/dsa.c
@ -28,7 +28,7 @@
 */

 #include "includes.h"
-RCSID("$Id: dsa.c,v 1.3 2000/04/12 09:39:10 markus Exp $");
+RCSID("$Id: dsa.c,v 1.4 2000/04/14 10:30:31 markus Exp $");

 #include "ssh.h"
 #include "xmalloc.h"
--- a/getput.h
+++ b/getput.h
@ -13,7 +13,7 @@
 *
 */

-/* RCSID("$Id: getput.h,v 1.2 1999/11/24 13:26:22 damien Exp $"); */
+/* RCSID("$Id: getput.h,v 1.3 2000/04/16 01:18:42 damien Exp $"); */

 #ifndef GETPUT_H
 #define GETPUT_H
--- a/hostfile.c
+++ b/hostfile.c
@ -14,7 +14,7 @@
 */

 #include "includes.h"
-RCSID("$OpenBSD: hostfile.c,v 1.15 2000/04/12 09:39:10 markus Exp $");
+RCSID("$OpenBSD: hostfile.c,v 1.16 2000/04/14 10:30:31 markus Exp $");

 #ifdef HAVE_OPENSSL
 #include <openssl/bn.h>
--- a/kex.c
+++ b/kex.c
@ -28,7 +28,7 @@
 */

 #include "includes.h"
-RCSID("$Id: kex.c,v 1.4 2000/04/13 02:26:36 damien Exp $");
+RCSID("$Id: kex.c,v 1.5 2000/04/16 01:18:43 damien Exp $");

 #include "ssh.h"
 #include "ssh2.h"
--- a/log-client.c
+++ b/log-client.c
@ -15,7 +15,7 @@
 */

 #include "includes.h"
-RCSID("$Id: log-client.c,v 1.5 2000/03/09 10:27:50 damien Exp $");
+RCSID("$Id: log-client.c,v 1.6 2000/04/16 01:18:43 damien Exp $");

 #include "xmalloc.h"
 #include "ssh.h"
--- a/log-server.c
+++ b/log-server.c
@ -15,7 +15,7 @@
 */

 #include "includes.h"
-RCSID("$Id: log-server.c,v 1.8 2000/04/01 01:09:24 damien Exp $");
+RCSID("$Id: log-server.c,v 1.9 2000/04/16 01:18:43 damien Exp $");

 #include <syslog.h>
 #include "packet.h"
--- a/login.c
+++ b/login.c
@ -18,7 +18,7 @@
 */

 #include "includes.h"
-RCSID("$Id: login.c,v 1.22 2000/02/02 08:17:41 damien Exp $");
+RCSID("$Id: login.c,v 1.23 2000/04/16 01:18:43 damien Exp $");

 #if defined(HAVE_UTMPX_H) && defined(USE_UTMPX)
 # include <utmpx.h>
--- a/match.c
+++ b/match.c
@ -14,7 +14,7 @@
 */

 #include "includes.h"
-RCSID("$Id: match.c,v 1.4 2000/03/26 03:04:53 damien Exp $");
+RCSID("$Id: match.c,v 1.5 2000/04/16 01:18:43 damien Exp $");

 #include "ssh.h"

--- a/mpaux.c
+++ b/mpaux.c
@ -15,7 +15,7 @@
 */

 #include "includes.h"
-RCSID("$Id: mpaux.c,v 1.10 2000/04/13 02:26:36 damien Exp $");
+RCSID("$Id: mpaux.c,v 1.11 2000/04/16 01:18:43 damien Exp $");

 #include "getput.h"
 #include "xmalloc.h"
--- a/mpaux.h
+++ b/mpaux.h
@ -13,7 +13,7 @@
 * precision integers.
 */

-/* RCSID("$Id: mpaux.h,v 1.4 1999/11/25 00:54:59 damien Exp $"); */
+/* RCSID("$Id: mpaux.h,v 1.5 2000/04/16 01:18:43 damien Exp $"); */

 #ifndef MPAUX_H
 #define MPAUX_H
--- a/nchan.c
+++ b/nchan.c
@ -28,7 +28,7 @@
 */

 #include "includes.h"
-RCSID("$Id: nchan.c,v 1.7 2000/04/04 04:39:02 damien Exp $");
+RCSID("$Id: nchan.c,v 1.8 2000/04/16 01:18:43 damien Exp $");

 #include "ssh.h"

--- a/packet.c
+++ b/packet.c
@ -17,7 +17,7 @@
 */

 #include "includes.h"
-RCSID("$Id: packet.c,v 1.17 2000/04/13 02:26:37 damien Exp $");
+RCSID("$Id: packet.c,v 1.18 2000/04/16 01:18:43 damien Exp $");

 #ifdef HAVE_OPENSSL
 # include <openssl/bn.h>
@ -1063,6 +1063,12 @@ packet_get_raw(int *length_ptr)
 	return buffer_ptr(&incoming_packet);
 }

+int
+packet_remaining(void)
+{
+	return buffer_len(&incoming_packet);
+}
+
 /*
 * Returns a string from the packet data.  The string is allocated using
 * xmalloc; it is the responsibility of the calling program to free it when
--- a/packet.h
+++ b/packet.h
@ -13,7 +13,7 @@
 *
 */

-/* RCSID("$Id: packet.h,v 1.13 2000/04/13 02:26:37 damien Exp $"); */
+/* RCSID("$Id: packet.h,v 1.14 2000/04/16 01:18:44 damien Exp $"); */

 #ifndef PACKET_H
 #define PACKET_H
@ -201,6 +201,16 @@ do { \
  } \
 } while (0)

+#define packet_done() \
+do { \
+	int _len = packet_remaining(); \
+	if (_len > 0) { \
+		log("Packet integrity error (%d bytes remaining) at %s:%d", \
+		    _len ,__FILE__, __LINE__); \
+		packet_disconnect("Packet integrity error."); \
+	} \
+} while (0)
+
 /* remote host is connected via a socket/ipv4 */
 int	packet_connection_is_on_socket(void);
 int	packet_connection_is_ipv4(void);
@ -208,4 +218,7 @@ int	packet_connection_is_ipv4(void);
 /* enable SSH2 packet format */
 void	packet_set_ssh2_format(void);

+/* returns remaining payload bytes */
+int	packet_remaining(void);
+
 #endif				/* PACKET_H */
--- a/pty.c
+++ b/pty.c
@ -14,7 +14,7 @@
 */

 #include "includes.h"
-RCSID("$Id: pty.c,v 1.17 2000/03/17 12:58:59 damien Exp $");
+RCSID("$Id: pty.c,v 1.18 2000/04/16 01:18:44 damien Exp $");

 #ifdef HAVE_UTIL_H
 # include <util.h>
--- a/pty.h
+++ b/pty.h
@ -13,7 +13,7 @@
 * tty.
 */

-/* RCSID("$Id: pty.h,v 1.7 2000/04/01 01:09:25 damien Exp $"); */
+/* RCSID("$Id: pty.h,v 1.8 2000/04/16 01:18:44 damien Exp $"); */

 #ifndef PTY_H
 #define PTY_H
--- a/readconf.c
+++ b/readconf.c
@ -14,7 +14,7 @@
 */

 #include "includes.h"
-RCSID("$Id: readconf.c,v 1.10 2000/04/12 10:17:40 damien Exp $");
+RCSID("$Id: readconf.c,v 1.11 2000/04/16 01:18:44 damien Exp $");

 #include "ssh.h"
 #include "cipher.h"
--- a/readconf.h
+++ b/readconf.h
@ -13,7 +13,7 @@
 *
 */

-/* RCSID("$Id: readconf.h,v 1.7 2000/04/12 10:17:40 damien Exp $"); */
+/* RCSID("$Id: readconf.h,v 1.8 2000/04/16 01:18:44 damien Exp $"); */

 #ifndef READCONF_H
 #define READCONF_H
--- a/readpass.c
+++ b/readpass.c
@ -32,7 +32,7 @@
 */

 #include "includes.h"
-RCSID("$Id: readpass.c,v 1.5 2000/01/22 08:47:21 damien Exp $");
+RCSID("$Id: readpass.c,v 1.6 2000/04/16 01:18:44 damien Exp $");

 #include "xmalloc.h"
 #include "ssh.h"
--- a/rsa.c
+++ b/rsa.c
@ -35,7 +35,7 @@
 */

 #include "includes.h"
-RCSID("$Id: rsa.c,v 1.13 2000/04/04 04:57:08 damien Exp $");
+RCSID("$Id: rsa.c,v 1.14 2000/04/16 01:18:45 damien Exp $");

 #include "rsa.h"
 #include "ssh.h"
--- a/rsa.h
+++ b/rsa.h
@ -13,7 +13,7 @@
 *
 */

-/* RCSID("$Id: rsa.h,v 1.7 2000/04/13 02:26:37 damien Exp $"); */
+/* RCSID("$Id: rsa.h,v 1.8 2000/04/16 01:18:45 damien Exp $"); */

 #ifndef RSA_H
 #define RSA_H
--- a/scp.c
+++ b/scp.c
@ -45,7 +45,7 @@
 */

 #include "includes.h"
-RCSID("$Id: scp.c,v 1.18 2000/03/17 12:40:16 damien Exp $");
+RCSID("$Id: scp.c,v 1.19 2000/04/16 01:18:45 damien Exp $");

 #include "ssh.h"
 #include "xmalloc.h"
@ -1008,7 +1008,7 @@ run_err(const char *fmt,...)
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
- *	$Id: scp.c,v 1.18 2000/03/17 12:40:16 damien Exp $
+ *	$Id: scp.c,v 1.19 2000/04/16 01:18:45 damien Exp $
 */

 char *
--- a/servconf.c
+++ b/servconf.c
@ -12,7 +12,7 @@
 */

 #include "includes.h"
-RCSID("$Id: servconf.c,v 1.11 2000/04/12 10:17:40 damien Exp $");
+RCSID("$Id: servconf.c,v 1.12 2000/04/16 01:18:45 damien Exp $");

 #include "ssh.h"
 #include "servconf.h"
--- a/servconf.h
+++ b/servconf.h
@ -13,7 +13,7 @@
 *
 */

-/* RCSID("$Id: servconf.h,v 1.8 2000/04/12 10:17:40 damien Exp $"); */
+/* RCSID("$Id: servconf.h,v 1.9 2000/04/16 01:18:45 damien Exp $"); */

 #ifndef SERVCONF_H
 #define SERVCONF_H
--- a/serverloop.c
+++ b/serverloop.c
@ -697,16 +697,17 @@ int
 input_direct_tcpip(void)
 {
 	int sock;
-	char *host, *originator;
-	int host_port, originator_port;
+	char *target, *originator;
+	int target_port, originator_port;

-	host = packet_get_string(NULL);
-	host_port = packet_get_int();
+	target = packet_get_string(NULL);
+	target_port = packet_get_int();
 	originator = packet_get_string(NULL);
 	originator_port = packet_get_int();
+	packet_done();
 	/* XXX check permission */
-	sock = channel_connect_to(host, host_port);
-	xfree(host);
+	sock = channel_connect_to(target, target_port);
+	xfree(target);
 	xfree(originator);
 	if (sock < 0)
 		return -1;
@ -735,6 +736,7 @@ server_input_channel_open(int type, int plen)

 	if (strcmp(ctype, "session") == 0) {
 		debug("open session");
+		packet_done();
 		/*
 		 * A server session has no fd to read or write
 		 * until a CHANNEL_REQUEST for a shell is made,
--- a/session.c
+++ b/session.c
@ -8,7 +8,7 @@
 */

 #include "includes.h"
-RCSID("$OpenBSD: session.c,v 1.2 2000/04/06 08:55:22 markus Exp $");
+RCSID("$OpenBSD: session.c,v 1.4 2000/04/14 10:30:33 markus Exp $");

 #include "xmalloc.h"
 #include "ssh.h"
@ -1202,6 +1202,7 @@ session_window_change_req(Session *s)
 	s->row = packet_get_int();
 	s->xpixel = packet_get_int();
 	s->ypixel = packet_get_int();
+	packet_done();
 	pty_change_window_size(s->ptyfd, s->row, s->col, s->xpixel, s->ypixel);
 	return 1;
 }
@ -1210,14 +1211,17 @@ int
 session_pty_req(Session *s)
 {
 	unsigned int len;
+	char *term_modes;	/* encoded terminal modes */

 	if (s->ttyfd != -1)
-		return -1;
+		return 0;
 	s->term = packet_get_string(&len);
 	s->col = packet_get_int();
 	s->row = packet_get_int();
 	s->xpixel = packet_get_int();
 	s->ypixel = packet_get_int();
+	term_modes = packet_get_string(&len);
+	packet_done();

 	if (strcmp(s->term, "") == 0) {
 		xfree(s->term);
@ -1230,7 +1234,8 @@ session_pty_req(Session *s)
 		s->ptyfd = -1;
 		s->ttyfd = -1;
 		error("session_pty_req: session %d alloc failed", s->self);
-		return -1;
+		xfree(term_modes);
+		return 0;
 	}
 	debug("session_pty_req: session %d alloc %s", s->self, s->tty);
 	/*
--- a/ssh-agent.c
+++ b/ssh-agent.c
@ -1,4 +1,4 @@
-/*	$OpenBSD: ssh-agent.c,v 1.27 2000/04/12 09:39:10 markus Exp $	*/
+/*	$OpenBSD: ssh-agent.c,v 1.28 2000/04/14 10:30:33 markus Exp $	*/

 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -9,7 +9,7 @@
 */

 #include "includes.h"
-RCSID("$OpenBSD: ssh-agent.c,v 1.27 2000/04/12 09:39:10 markus Exp $");
+RCSID("$OpenBSD: ssh-agent.c,v 1.28 2000/04/14 10:30:33 markus Exp $");

 #include "ssh.h"
 #include "rsa.h"
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@ -7,7 +7,7 @@
 */

 #include "includes.h"
-RCSID("$Id: ssh-keygen.c,v 1.12 2000/03/17 12:40:17 damien Exp $");
+RCSID("$Id: ssh-keygen.c,v 1.13 2000/04/16 01:18:46 damien Exp $");

 #include "rsa.h"
 #include "ssh.h"
--- a/ssh.1
+++ b/ssh.1
@ -9,7 +9,7 @@
 .\"
 .\" Created: Sat Apr 22 21:55:14 1995 ylo
 .\"
-.\" $Id: ssh.1,v 1.21 2000/04/13 02:26:37 damien Exp $
+.\" $Id: ssh.1,v 1.22 2000/04/16 01:18:46 damien Exp $
 .\"
 .Dd September 25, 1999
 .Dt SSH 1
@ -24,7 +24,7 @@
 .Op Ar command
 .Pp
 .Nm ssh
-.Op Fl afgknqtvxCPX46
+.Op Fl afgknqtvxCPX246
 .Op Fl c Ar blowfish | 3des
 .Op Fl e Ar escape_char
 .Op Fl i Ar identity_file
@ -455,6 +455,10 @@ from the local machine.
 Port forwardings can also be specified in the configuration file.
 Privileged ports can be forwarded only when
 logging in as root on the remote machine.
+.It Fl 2
+Forces
+.Nm
+to use protocol version 2 only.
 .It Fl 4
 Forces
 .Nm
--- a/ssh.c
+++ b/ssh.c
@ -11,7 +11,7 @@
 */

 #include "includes.h"
-RCSID("$Id: ssh.c,v 1.25 2000/04/12 10:17:40 damien Exp $");
+RCSID("$Id: ssh.c,v 1.26 2000/04/16 01:18:46 damien Exp $");

 #include "xmalloc.h"
 #include "ssh.h"
@ -138,6 +138,7 @@ usage()
 	fprintf(stderr, "  -g          Allow remote hosts to connect to forwarded ports.\n");
 	fprintf(stderr, "  -4          Use IPv4 only.\n");
 	fprintf(stderr, "  -6          Use IPv6 only.\n");
+	fprintf(stderr, "  -2          Force protocol version 2.\n");
 	fprintf(stderr, "  -o 'option' Process the option as if it was read from a configuration file.\n");
 	exit(1);
 }
@ -276,39 +277,34 @@ main(int ac, char **av)
 			optarg = NULL;
 		}
 		switch (opt) {
+		case '2':
+			options.protocol = SSH_PROTO_2;
+			break;
 		case '4':
 			IPv4or6 = AF_INET;
 			break;
-
 		case '6':
 			IPv4or6 = AF_INET6;
 			break;
-
 		case 'n':
 			stdin_null_flag = 1;
 			break;
-
 		case 'f':
 			fork_after_authentication_flag = 1;
 			stdin_null_flag = 1;
 			break;
-
 		case 'x':
 			options.forward_x11 = 0;
 			break;
-
 		case 'X':
 			options.forward_x11 = 1;
 			break;
-
 		case 'g':
 			options.gateway_ports = 1;
 			break;
-
 		case 'P':
 			options.use_privileged_port = 0;
 			break;
-
 		case 'a':
 			options.forward_agent = 0;
 			break;
@ -330,11 +326,9 @@ main(int ac, char **av)
 			options.identity_files[options.num_identity_files++] =
 				xstrdup(optarg);
 			break;
-
 		case 't':
 			tty_flag = 1;
 			break;
-
 		case 'v':
 		case 'V':
 			fprintf(stderr, "SSH Version %s, protocol versions %d.%d/%d.%d.\n",
@ -347,11 +341,9 @@ main(int ac, char **av)
 			debug_flag = 1;
 			options.log_level = SYSLOG_LEVEL_DEBUG;
 			break;
-
 		case 'q':
 			options.log_level = SYSLOG_LEVEL_QUIET;
 			break;
-
 		case 'e':
 			if (optarg[0] == '^' && optarg[2] == 0 &&
 			    (unsigned char) optarg[1] >= 64 && (unsigned char) optarg[1] < 128)
@ -365,7 +357,6 @@ main(int ac, char **av)
 				exit(1);
 			}
 			break;
-
 		case 'c':
 			options.cipher = cipher_number(optarg);
 			if (options.cipher == -1) {
@ -373,15 +364,12 @@ main(int ac, char **av)
 				exit(1);
 			}
 			break;
-
 		case 'p':
 			options.port = atoi(optarg);
 			break;
-
 		case 'l':
 			options.user = optarg;
 			break;
-
 		case 'R':
 			if (sscanf(optarg, "%hu/%255[^/]/%hu", &fwd_port, buf,
 			    &fwd_host_port) != 3 &&
@ -393,7 +381,6 @@ main(int ac, char **av)
 			}
 			add_remote_forward(&options, fwd_port, buf, fwd_host_port);
 			break;
-
 		case 'L':
 			if (sscanf(optarg, "%hu/%255[^/]/%hu", &fwd_port, buf,
 			    &fwd_host_port) != 3 &&
@ -405,27 +392,22 @@ main(int ac, char **av)
 			}
 			add_local_forward(&options, fwd_port, buf, fwd_host_port);
 			break;
-
 		case 'C':
 			options.compression = 1;
 			break;
-
 		case 'N':
 			no_shell_flag = 1;
 			no_tty_flag = 1;
 			break;
-
 		case 'T':
 			no_tty_flag = 1;
 			break;
-
 		case 'o':
 			dummy = 1;
 			if (process_config_line(&options, host ? host : "", optarg,
 					 "command-line", 0, &dummy) != 0)
 				exit(1);
 			break;
-
 		default:
 			usage();
 		}
--- a/ssh.h
+++ b/ssh.h
@ -13,7 +13,7 @@
 *
 */

-/* RCSID("$Id: ssh.h,v 1.31 2000/04/12 10:17:41 damien Exp $"); */
+/* RCSID("$Id: ssh.h,v 1.32 2000/04/16 01:18:47 damien Exp $"); */

 #ifndef SSH_H
 #define SSH_H
--- a/sshconnect.c
+++ b/sshconnect.c
@ -10,7 +10,7 @@
 */

 #include "includes.h"
-RCSID("$OpenBSD: sshconnect.c,v 1.66 2000/04/12 09:39:10 markus Exp $");
+RCSID("$OpenBSD: sshconnect.c,v 1.68 2000/04/14 10:30:33 markus Exp $");

 #ifdef HAVE_OPENSSL
 #include <openssl/bn.h>
@ -1411,6 +1411,7 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
 	debug("first kex follow == %d", i);
 	i = packet_get_int();
 	debug("reserved == %d", i);
+	packet_done();

 	debug("done read kexinit");
 	kex = kex_choose_conf(cprop, sprop, 0);
@ -1466,6 +1467,7 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)

 	/* signed H */
 	signature = packet_get_string(&slen);
+	packet_done();

 	if (!dh_pub_is_valid(dh, dh_server_pub))
 		packet_disconnect("bad server public DH value");
@ -1518,6 +1520,7 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)

 	debug("Wait SSH2_MSG_NEWKEYS.");
 	packet_read_expect(&payload_len, SSH2_MSG_NEWKEYS);
+	packet_done();
 	debug("GOT SSH2_MSG_NEWKEYS.");

 	debug("send SSH2_MSG_NEWKEYS.");
@ -1551,7 +1554,7 @@ ssh_userauth2(int host_key_valid, RSA *own_host_key,
 	char *server_user, *local_user;
 	char *auths;
 	char *password;
-	char *service = "ssh-connection";		// service name
+	char *service = "ssh-connection";		/* service name */

 	debug("send SSH2_MSG_SERVICE_REQUEST");
 	packet_start(SSH2_MSG_SERVICE_REQUEST);
@ -1563,8 +1566,15 @@ ssh_userauth2(int host_key_valid, RSA *own_host_key,
 	if (type != SSH2_MSG_SERVICE_ACCEPT) {
 		fatal("denied SSH2_MSG_SERVICE_ACCEPT: %d", type);
 	}
+	if (packet_remaining() > 0) {
+		char *reply = packet_get_string(&plen);
+		debug("service_accept: %s", reply);
+		xfree(reply);
+	} else {
 		/* payload empty for ssh-2.0.13 ?? */
-	/* reply = packet_get_string(&payload_len); */
+		log("buggy server: service_accept w/o service");
+	}
+	packet_done();
 	debug("got SSH2_MSG_SERVICE_ACCEPT");

 	/*XX COMMONCODE: */
@ -1593,6 +1603,7 @@ ssh_userauth2(int host_key_valid, RSA *own_host_key,
 		auths = packet_get_string(&dlen);
 		debug("authentications that can continue: %s", auths);
 		partial = packet_get_char();
+		packet_done();
 		if (partial)
 			debug("partial success");
 		if (strstr(auths, "password") == NULL)
@ -1613,6 +1624,7 @@ ssh_userauth2(int host_key_valid, RSA *own_host_key,
 		packet_send();
 		packet_write_wait();
 	}
+	packet_done();
 	debug("ssh-userauth2 successfull");
 }

--- a/sshd.c
+++ b/sshd.c
@ -14,7 +14,7 @@
 */

 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.104 2000/04/12 09:39:10 markus Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.105 2000/04/14 10:30:33 markus Exp $");

 #include "xmalloc.h"
 #include "rsa.h"
--- a/ttymodes.c
+++ b/ttymodes.c
@ -10,7 +10,7 @@
 */

 #include "includes.h"
-RCSID("$Id: ttymodes.c,v 1.3 1999/11/25 00:54:59 damien Exp $");
+RCSID("$Id: ttymodes.c,v 1.4 2000/04/16 01:18:49 damien Exp $");

 #include "packet.h"
 #include "ssh.h"
--- a/ttymodes.h
+++ b/ttymodes.h
@ -12,7 +12,7 @@
 *
 */

-/* RCSID("$Id: ttymodes.h,v 1.3 1999/11/25 00:54:59 damien Exp $"); */
+/* RCSID("$Id: ttymodes.h,v 1.4 2000/04/16 01:18:49 damien Exp $"); */

 /* The tty mode description is a stream of bytes.  The stream consists of
 * opcode-arguments pairs.  It is terminated by opcode TTY_OP_END (0).
--- a/uidswap.c
+++ b/uidswap.c
@ -7,7 +7,7 @@
 */

 #include "includes.h"
-RCSID("$Id: uidswap.c,v 1.4 2000/01/20 13:18:16 damien Exp $");
+RCSID("$Id: uidswap.c,v 1.5 2000/04/16 01:18:49 damien Exp $");

 #include "ssh.h"
 #include "uidswap.h"
--- a/xmalloc.c
+++ b/xmalloc.c
@ -8,7 +8,7 @@
 */

 #include "includes.h"
-RCSID("$Id: xmalloc.c,v 1.2 1999/11/24 13:26:23 damien Exp $");
+RCSID("$Id: xmalloc.c,v 1.3 2000/04/16 01:18:49 damien Exp $");

 #include "ssh.h"

--- a/xmalloc.h
+++ b/xmalloc.h
@ -14,7 +14,7 @@
 *
 */

-/* RCSID("$Id: xmalloc.h,v 1.2 1999/11/24 13:26:23 damien Exp $"); */
+/* RCSID("$Id: xmalloc.h,v 1.3 2000/04/16 01:18:49 damien Exp $"); */

 #ifndef XMALLOC_H
 #define XMALLOC_H