This commit was generated by cvs2svn to compensate for changes in r164146,

which included commits to RCS files with non-trunk default branches.

crypto/openssh/Makefile.in

@@ -1,4 +1,4 @@
-# $Id: Makefile.in,v 1.282 2006/09/12 11:54:10 djm Exp $
+# $Id: Makefile.in,v 1.283 2006/10/23 21:44:47 tim Exp $
 
 # uncomment if you run a non bourne compatable shell. Ie. csh
 #SHELL = @SH@
@@ -11,6 +11,7 @@ bindir=@bindir@
 sbindir=@sbindir@
 libexecdir=@libexecdir@
 datadir=@datadir@
+datarootdir=@datarootdir@
 mandir=@mandir@
 mansubdir=@mansubdir@
 sysconfdir=@sysconfdir@

crypto/openssh/README

@@ -1,4 +1,4 @@
-See http://www.openssh.com/txt/release-4.4 for the release notes.
+See http://www.openssh.com/txt/release-4.5 for the release notes.
 
 - A Japanese translation of this document and of the OpenSSH FAQ is
 - available at http://www.unixuser.org/~haruyama/security/openssh/index.html
@@ -62,4 +62,4 @@ References -
 [6] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9
 [7] http://www.openssh.com/faq.html
 
-$Id: README,v 1.63 2006/09/01 11:32:53 dtucker Exp $
+$Id: README,v 1.64 2006/11/07 12:25:45 dtucker Exp $

crypto/openssh/bufbn.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: bufbn.c,v 1.3 2006/08/03 03:34:41 deraadt Exp $*/
+/* $OpenBSD: bufbn.c,v 1.4 2006/11/06 21:25:28 markus Exp $*/
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -118,7 +118,10 @@ buffer_get_bignum_ret(Buffer *buffer, BIGNUM *value)
 		return (-1);
 	}
 	bin = buffer_ptr(buffer);
-	BN_bin2bn(bin, bytes, value);
+	if (BN_bin2bn(bin, bytes, value) == NULL) {
+		error("buffer_get_bignum_ret: BN_bin2bn failed");
+		return (-1);
+	}
 	if (buffer_consume_ret(buffer, bytes) == -1) {
 		error("buffer_get_bignum_ret: buffer_consume failed");
 		return (-1);
@@ -202,7 +205,10 @@ buffer_get_bignum2_ret(Buffer *buffer, BIGNUM *value)
 		xfree(bin);
 		return (-1);
 	}
-	BN_bin2bn(bin, len, value);
+	if (BN_bin2bn(bin, len, value) == NULL) {
+		error("buffer_get_bignum2_ret: BN_bin2bn failed");
+		return (-1);
+	}
 	xfree(bin);
 	return (0);
 }

crypto/openssh/buildpkg.sh.in

@@ -24,6 +24,7 @@ PKGNAME=OpenSSH
 # revisions within the same version (REV=a)
 #REV=
 SYSVINIT_NAME=opensshd
+AWK=${AWK:="nawk"}
 MAKE=${MAKE:="make"}
 SSHDUID=67	# Default privsep uid
 SSHDGID=67	# Default privsep gid
@@ -154,15 +155,22 @@ ARCH=`uname -m`
 DEF_MSG="\n"
 OS_VER=`uname -v`
 SCRIPT_SHELL=/sbin/sh
+UNAME_R=`uname -r`
 UNAME_S=`uname -s`
 case ${UNAME_S} in
 	SunOS)	UNAME_S=Solaris
+		OS_VER=${UNAME_R}
 		ARCH=`uname -p`
 		RCS_D=yes
 		DEF_MSG="(default: n)"
 		;;
-	SCO_SV)	UNAME_S=OpenServer
+	SCO_SV)	case ${UNAME_R} in
+			3.2)	UNAME_S=OpenServer5
 		OS_VER=`uname -X | grep Release | sed -e 's/^Rel.*3.2v//'`
+				;;
+			5)	UNAME_S=OpenServer6
+				;;
+		esac
 		SCRIPT_SHELL=/bin/sh
 		RC1_D=no
 		DEF_MSG="(default: n)"
@@ -481,7 +489,7 @@ _EOF
 [ -x /usr/bin/ckyorn ]  ||  cat >> request << _EOF
 
 ckyorn() {
-# for some strange reason OpenServer has no ckyorn
+# for some strange reason OpenServer5 has no ckyorn
 # We build a striped down version here
 
 DEFAULT=n
@@ -638,7 +646,7 @@ cat >mk-proto.awk << _EOF
 _EOF
 
 find . | egrep -v "prototype|pkginfo|mk-proto.awk" | sort | \
-	pkgproto $PROTO_ARGS | nawk -f mk-proto.awk > prototype
+	pkgproto $PROTO_ARGS | ${AWK} -f mk-proto.awk > prototype
 
 # /usr/local is a symlink on some systems
 [ "${USR_LOCAL_IS_SYMLINK}" = yes ]  &&  {

crypto/openssh/clientloop.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: clientloop.c,v 1.175 2006/08/03 03:34:42 deraadt Exp $ */
+/* $OpenBSD: clientloop.c,v 1.176 2006/10/11 12:38:03 markus Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -464,8 +464,10 @@ client_global_request_reply(int type, u_int32_t seq, void *ctxt)
 static void
 server_alive_check(void)
 {
-	if (++server_alive_timeouts > options.server_alive_count_max)
-		packet_disconnect("Timeout, server not responding.");
+	if (++server_alive_timeouts > options.server_alive_count_max) {
+		logit("Timeout, server not responding.");
+		cleanup_exit(255);
+	}
 	packet_start(SSH2_MSG_GLOBAL_REQUEST);
 	packet_put_cstring("keepalive@openssh.com");
 	packet_put_char(1);     /* boolean: want reply */

crypto/openssh/dh.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: dh.c,v 1.42 2006/08/03 03:34:42 deraadt Exp $ */
+/* $OpenBSD: dh.c,v 1.43 2006/11/06 21:25:28 markus Exp $ */
 /*
  * Copyright (c) 2000 Niels Provos.  All rights reserved.
  *

crypto/openssh/entropy.c

@@ -36,6 +36,7 @@
 #endif
 #include <stdarg.h>
 #include <unistd.h>
+#include <signal.h>
 
 #include <openssl/rand.h>
 #include <openssl/crypto.h>

crypto/openssh/kexdhc.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: kexdhc.c,v 1.9 2006/08/03 03:34:42 deraadt Exp $ */
+/* $OpenBSD: kexdhc.c,v 1.11 2006/11/06 21:25:28 markus Exp $ */
 /*
  * Copyright (c) 2001 Markus Friedl.  All rights reserved.
  *
@@ -50,7 +50,8 @@ kexdh_client(Kex *kex)
 	Key *server_host_key;
 	u_char *server_host_key_blob = NULL, *signature = NULL;
 	u_char *kbuf, *hash;
-	u_int klen, kout, slen, sbloblen, hashlen;
+	u_int klen, slen, sbloblen, hashlen;
+	int kout;
 
 	/* generate and send 'e', client DH public key */
 	switch (kex->kex_type) {
@@ -112,13 +113,15 @@ kexdh_client(Kex *kex)
 
 	klen = DH_size(dh);
 	kbuf = xmalloc(klen);
-	kout = DH_compute_key(kbuf, dh_server_pub, dh);
+	if ((kout = DH_compute_key(kbuf, dh_server_pub, dh)) < 0)
+		fatal("DH_compute_key: failed");
 #ifdef DEBUG_KEXDH
 	dump_digest("shared secret", kbuf, kout);
 #endif
 	if ((shared_secret = BN_new()) == NULL)
 		fatal("kexdh_client: BN_new failed");
-	BN_bin2bn(kbuf, kout, shared_secret);
+	if (BN_bin2bn(kbuf, kout, shared_secret) == NULL)
+		fatal("kexdh_client: BN_bin2bn failed");
 	memset(kbuf, 0, klen);
 	xfree(kbuf);
 

crypto/openssh/kexdhs.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: kexdhs.c,v 1.7 2006/08/03 03:34:42 deraadt Exp $ */
+/* $OpenBSD: kexdhs.c,v 1.9 2006/11/06 21:25:28 markus Exp $ */
 /*
  * Copyright (c) 2001 Markus Friedl.  All rights reserved.
  *
@@ -52,8 +52,8 @@ kexdh_server(Kex *kex)
 	DH *dh;
 	Key *server_host_key;
 	u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL;
-	u_int sbloblen, klen, kout, hashlen;
-	u_int slen;
+	u_int sbloblen, klen, hashlen, slen;
+	int kout;
 
 	/* generate server DH public key */
 	switch (kex->kex_type) {
@@ -101,13 +101,15 @@ kexdh_server(Kex *kex)
 
 	klen = DH_size(dh);
 	kbuf = xmalloc(klen);
-	kout = DH_compute_key(kbuf, dh_client_pub, dh);
+	if ((kout = DH_compute_key(kbuf, dh_client_pub, dh)) < 0)
+		fatal("DH_compute_key: failed");
 #ifdef DEBUG_KEXDH
 	dump_digest("shared secret", kbuf, kout);
 #endif
 	if ((shared_secret = BN_new()) == NULL)
 		fatal("kexdh_server: BN_new failed");
-	BN_bin2bn(kbuf, kout, shared_secret);
+	if (BN_bin2bn(kbuf, kout, shared_secret) == NULL)
+		fatal("kexdh_server: BN_bin2bn failed");
 	memset(kbuf, 0, klen);
 	xfree(kbuf);
 

crypto/openssh/kexgexc.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: kexgexc.c,v 1.9 2006/08/03 03:34:42 deraadt Exp $ */
+/* $OpenBSD: kexgexc.c,v 1.11 2006/11/06 21:25:28 markus Exp $ */
 /*
  * Copyright (c) 2000 Niels Provos.  All rights reserved.
  * Copyright (c) 2001 Markus Friedl.  All rights reserved.
@@ -51,7 +51,8 @@ kexgex_client(Kex *kex)
 	BIGNUM *p = NULL, *g = NULL;
 	Key *server_host_key;
 	u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL;
-	u_int klen, kout, slen, sbloblen, hashlen;
+	u_int klen, slen, sbloblen, hashlen;
+	int kout;
 	int min, max, nbits;
 	DH *dh;
 
@@ -150,13 +151,15 @@ kexgex_client(Kex *kex)
 
 	klen = DH_size(dh);
 	kbuf = xmalloc(klen);
-	kout = DH_compute_key(kbuf, dh_server_pub, dh);
+	if ((kout = DH_compute_key(kbuf, dh_server_pub, dh)) < 0)
+		fatal("DH_compute_key: failed");
 #ifdef DEBUG_KEXDH
 	dump_digest("shared secret", kbuf, kout);
 #endif
 	if ((shared_secret = BN_new()) == NULL)
 		fatal("kexgex_client: BN_new failed");
-	BN_bin2bn(kbuf, kout, shared_secret);
+	if (BN_bin2bn(kbuf, kout, shared_secret) == NULL)
+		fatal("kexgex_client: BN_bin2bn failed");
 	memset(kbuf, 0, klen);
 	xfree(kbuf);
 

crypto/openssh/kexgexs.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: kexgexs.c,v 1.8 2006/08/03 03:34:42 deraadt Exp $ */
+/* $OpenBSD: kexgexs.c,v 1.10 2006/11/06 21:25:28 markus Exp $ */
 /*
  * Copyright (c) 2000 Niels Provos.  All rights reserved.
  * Copyright (c) 2001 Markus Friedl.  All rights reserved.
@@ -55,8 +55,8 @@ kexgex_server(Kex *kex)
 	Key *server_host_key;
 	DH *dh;
 	u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL;
-	u_int sbloblen, klen, kout, slen, hashlen;
-	int min = -1, max = -1, nbits = -1, type;
+	u_int sbloblen, klen, slen, hashlen;
+	int min = -1, max = -1, nbits = -1, type, kout;
 
 	if (kex->load_host_key == NULL)
 		fatal("Cannot load hostkey");
@@ -134,13 +134,15 @@ kexgex_server(Kex *kex)
 
 	klen = DH_size(dh);
 	kbuf = xmalloc(klen);
-	kout = DH_compute_key(kbuf, dh_client_pub, dh);
+	if ((kout = DH_compute_key(kbuf, dh_client_pub, dh)) < 0)
+		fatal("DH_compute_key: failed");
 #ifdef DEBUG_KEXDH
 	dump_digest("shared secret", kbuf, kout);
 #endif
 	if ((shared_secret = BN_new()) == NULL)
 		fatal("kexgex_server: BN_new failed");
-	BN_bin2bn(kbuf, kout, shared_secret);
+	if (BN_bin2bn(kbuf, kout, shared_secret) == NULL)
+		fatal("kexgex_server: BN_bin2bn failed");
 	memset(kbuf, 0, klen);
 	xfree(kbuf);
 

crypto/openssh/moduli.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: moduli.c,v 1.18 2006/08/03 03:34:42 deraadt Exp $ */
+/* $OpenBSD: moduli.c,v 1.19 2006/11/06 21:25:28 markus Exp $ */
 /*
  * Copyright 1994 Phil Karn <karn@qualcomm.com>
  * Copyright 1996-1998, 2003 William Allen Simpson <wsimpson@greendragon.com>
@@ -327,20 +327,26 @@ gen_candidates(FILE *out, u_int32_t memory, u_int32_t power, BIGNUM *start)
 
 	/* validation check: count the number of primes tried */
 	largetries = 0;
-	q = BN_new();
+	if ((q = BN_new()) == NULL)
+		fatal("BN_new failed");
 
 	/*
 	 * Generate random starting point for subprime search, or use
 	 * specified parameter.
 	 */
-	largebase = BN_new();
-	if (start == NULL)
-		BN_rand(largebase, power, 1, 1);
-	else
-		BN_copy(largebase, start);
+	if ((largebase = BN_new()) == NULL)
+		fatal("BN_new failed");
+	if (start == NULL) {
+		if (BN_rand(largebase, power, 1, 1) == 0)
+			fatal("BN_rand failed");
+	} else {
+		if (BN_copy(largebase, start) == NULL)
+			fatal("BN_copy: failed");
+	}
 
 	/* ensure odd */
-	BN_set_bit(largebase, 0);
+	if (BN_set_bit(largebase, 0) == 0)
+		fatal("BN_set_bit: failed");
 
 	time(&time_start);
 
@@ -424,8 +430,10 @@ gen_candidates(FILE *out, u_int32_t memory, u_int32_t power, BIGNUM *start)
 			continue; /* Definitely composite, skip */
 
 		debug2("test q = largebase+%u", 2 * j);
-		BN_set_word(q, 2 * j);
-		BN_add(q, q, largebase);
+		if (BN_set_word(q, 2 * j) == 0)
+			fatal("BN_set_word failed");
+		if (BN_add(q, q, largebase) == 0)
+			fatal("BN_add failed");
 		if (qfileout(out, QTYPE_SOPHIE_GERMAIN, QTEST_SIEVE,
 		    largetries, (power - 1) /* MSB */, (0), q) == -1) {
 			ret = -1;
@@ -470,9 +478,12 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted)
 
 	time(&time_start);
 
-	p = BN_new();
-	q = BN_new();
-	ctx = BN_CTX_new();
+	if ((p = BN_new()) == NULL)
+		fatal("BN_new failed");
+	if ((q = BN_new()) == NULL)
+		fatal("BN_new failed");
+	if ((ctx = BN_CTX_new()) == NULL)
+		fatal("BN_CTX_new failed");
 
 	debug2("%.24s Final %u Miller-Rabin trials (%x generator)",
 	    ctime(&time_start), trials, generator_wanted);
@@ -520,10 +531,13 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted)
 		case QTYPE_SOPHIE_GERMAIN:
 			debug2("%10u: (%u) Sophie-Germain", count_in, in_type);
 			a = q;
-			BN_hex2bn(&a, cp);
+			if (BN_hex2bn(&a, cp) == 0)
+				fatal("BN_hex2bn failed");
 			/* p = 2*q + 1 */
-			BN_lshift(p, q, 1);
-			BN_add_word(p, 1);
+			if (BN_lshift(p, q, 1) == 0)
+				fatal("BN_lshift failed");
+			if (BN_add_word(p, 1) == 0)
+				fatal("BN_add_word failed");
 			in_size += 1;
 			generator_known = 0;
 			break;
@@ -534,9 +548,11 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted)
 		case QTYPE_UNKNOWN:
 			debug2("%10u: (%u)", count_in, in_type);
 			a = p;
-			BN_hex2bn(&a, cp);
+			if (BN_hex2bn(&a, cp) == 0)
+				fatal("BN_hex2bn failed");
 			/* q = (p-1) / 2 */
-			BN_rshift(q, p, 1);
+			if (BN_rshift(q, p, 1) == 0)
+				fatal("BN_rshift failed");
 			break;
 		default:
 			debug2("Unknown prime type");

crypto/openssh/monitor_fdpass.c

@@ -29,6 +29,9 @@
 #include <sys/types.h>
 #include <sys/socket.h>
 #include <sys/uio.h>
+#ifdef HAVE_SYS_UN_H
+#include <sys/un.h>
+#endif
 
 #include <errno.h>
 #include <string.h>

crypto/openssh/openbsd-compat/port-solaris.c

@@ -1,4 +1,4 @@
-/* $Id: port-solaris.c,v 1.2 2006/09/01 05:38:41 djm Exp $ */
+/* $Id: port-solaris.c,v 1.3 2006/10/31 23:28:49 dtucker Exp $ */
 
 /*
  * Copyright (c) 2006 Chad Mynhier.
@@ -86,18 +86,27 @@ solaris_contract_pre_fork(void)
 	debug2("%s: setting up process contract template on fd %d",
 	    __func__, tmpl_fd);
 
-	/* We have to set certain attributes before activating the template */
-	if (ct_pr_tmpl_set_fatal(tmpl_fd,
-	    CT_PR_EV_HWERR|CT_PR_EV_SIGNAL|CT_PR_EV_CORE) != 0) {
+	/* First we set the template parameters and event sets. */
+	if (ct_pr_tmpl_set_param(tmpl_fd, CT_PR_PGRPONLY) != 0) {
+		error("%s: Error setting process contract parameter set "
+		    "(pgrponly): %s", __func__, strerror(errno));
+		goto fail;
+	}
+	if (ct_pr_tmpl_set_fatal(tmpl_fd, CT_PR_EV_HWERR) != 0) {
 		error("%s: Error setting process contract template "
 		    "fatal events: %s", __func__, strerror(errno));
 		goto fail;
 	}
-	if (ct_tmpl_set_critical(tmpl_fd, CT_PR_EV_HWERR) != 0) {
+	if (ct_tmpl_set_critical(tmpl_fd, 0) != 0) {
 		error("%s: Error setting process contract template "
 		    "critical events: %s", __func__, strerror(errno));
 		goto fail;
 	}
+	if (ct_tmpl_set_informative(tmpl_fd, CT_PR_EV_HWERR) != 0) {
+		error("%s: Error setting process contract template "
+		    "informative events: %s", __func__, strerror(errno));
+		goto fail;
+	}
 
 	/* Now make this the active template for this process. */
 	if (ct_tmpl_activate(tmpl_fd) != 0) {

crypto/openssh/scard.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: scard.c,v 1.35 2006/08/03 03:34:42 deraadt Exp $ */
+/* $OpenBSD: scard.c,v 1.36 2006/11/06 21:25:28 markus Exp $ */
 /*
  * Copyright (c) 2001 Markus Friedl.  All rights reserved.
  *
@@ -391,15 +391,17 @@ sc_get_keys(const char *id, const char *pin)
 	keys = xcalloc((nkeys+1), sizeof(Key *));
 
 	n = key_new(KEY_RSA1);
-	BN_copy(n->rsa->n, k->rsa->n);
-	BN_copy(n->rsa->e, k->rsa->e);
+	if ((BN_copy(n->rsa->n, k->rsa->n) == NULL) ||
+	    (BN_copy(n->rsa->e, k->rsa->e) == NULL))
+		fatal("sc_get_keys: BN_copy failed");
 	RSA_set_method(n->rsa, sc_get_rsa());
 	n->flags |= KEY_FLAG_EXT;
 	keys[0] = n;
 
 	n = key_new(KEY_RSA);
-	BN_copy(n->rsa->n, k->rsa->n);
-	BN_copy(n->rsa->e, k->rsa->e);
+	if ((BN_copy(n->rsa->n, k->rsa->n) == NULL) ||
+	    (BN_copy(n->rsa->e, k->rsa->e) == NULL))
+		fatal("sc_get_keys: BN_copy failed");
 	RSA_set_method(n->rsa, sc_get_rsa());
 	n->flags |= KEY_FLAG_EXT;
 	keys[1] = n;

crypto/openssh/scard/Makefile.in

@@ -1,7 +1,8 @@
-# $Id: Makefile.in,v 1.4 2002/04/26 01:25:41 djm Exp $
+# $Id: Makefile.in,v 1.5 2006/10/23 21:44:47 tim Exp $
 
 prefix=@prefix@
 datadir=@datadir@
+datarootdir=@datarootdir@
 srcdir=@srcdir@
 top_srcdir=@top_srcdir@
 

crypto/openssh/sftp-client.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: sftp-client.c,v 1.74 2006/08/03 03:34:42 deraadt Exp $ */
+/* $OpenBSD: sftp-client.c,v 1.75 2006/10/22 02:25:50 djm Exp $ */
 /*
  * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
  *
@@ -1134,6 +1134,8 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path,
 			if (status != SSH2_FX_OK) {
 				error("Couldn't write to remote file \"%s\": %s",
 				    remote_path, fx2txt(status));
+				if (showprogress)
+					stop_progress_meter();
 				do_close(conn, handle, handle_len);
 				close(local_fd);
 				xfree(data);

crypto/openssh/sftp.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: sftp.c,v 1.92 2006/09/19 05:52:23 otto Exp $ */
+/* $OpenBSD: sftp.c,v 1.93 2006/09/30 17:48:22 ray Exp $ */
 /*
  * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
  *
@@ -977,6 +977,7 @@ parse_args(const char **cpp, int *pflag, int *lflag, int *iflag,
 	case I_CHOWN:
 	case I_CHGRP:
 		/* Get numeric arg (mandatory) */
+		errno = 0;
 		l = strtol(cp, &cp2, base);
 		if (cp2 == cp || ((l == LONG_MIN || l == LONG_MAX) &&
 		    errno == ERANGE) || l < 0) {

crypto/openssh/ssh-dss.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-dss.c,v 1.23 2006/08/03 03:34:42 deraadt Exp $ */
+/* $OpenBSD: ssh-dss.c,v 1.24 2006/11/06 21:25:28 markus Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -161,8 +161,9 @@ ssh_dss_verify(const Key *key, const u_char *signature, u_int signaturelen,
 		fatal("ssh_dss_verify: BN_new failed");
 	if ((sig->s = BN_new()) == NULL)
 		fatal("ssh_dss_verify: BN_new failed");
-	BN_bin2bn(sigblob, INTBLOB_LEN, sig->r);
-	BN_bin2bn(sigblob+ INTBLOB_LEN, INTBLOB_LEN, sig->s);
+	if ((BN_bin2bn(sigblob, INTBLOB_LEN, sig->r) == NULL) ||
+	    (BN_bin2bn(sigblob+ INTBLOB_LEN, INTBLOB_LEN, sig->s) == NULL))
+		fatal("ssh_dss_verify: BN_bin2bn failed");
 
 	/* clean up */
 	memset(sigblob, 0, len);

crypto/openssh/ssh-keygen.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.154 2006/08/03 03:34:42 deraadt Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.155 2006/11/06 21:25:28 markus Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -222,7 +222,8 @@ buffer_get_bignum_bits(Buffer *b, BIGNUM *value)
 	if (buffer_len(b) < bytes)
 		fatal("buffer_get_bignum_bits: input buffer too small: "
 		    "need %d have %d", bytes, buffer_len(b));
-	BN_bin2bn(buffer_ptr(b), bytes, value);
+	if (BN_bin2bn(buffer_ptr(b), bytes, value) == NULL)
+		fatal("buffer_get_bignum_bits: BN_bin2bn failed");
 	buffer_consume(b, bytes);
 }
 

crypto/openssh/ssh-keyscan.1

@@ -1,4 +1,4 @@
-.\"	$OpenBSD: ssh-keyscan.1,v 1.21 2005/09/30 20:34:26 jaredy Exp $
+.\"	$OpenBSD: ssh-keyscan.1,v 1.22 2006/09/25 04:55:38 ray Exp $
 .\"
 .\" Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
 .\"
@@ -102,7 +102,7 @@ Causes
 to print debugging messages about its progress.
 .El
 .Sh SECURITY
-If a ssh_known_hosts file is constructed using
+If an ssh_known_hosts file is constructed using
 .Nm
 without verifying the keys, users will be vulnerable to
 .Em man in the middle