Index: crypto/openssh/auth-chall.c =================================================================== RCS file: /home/ncvs/src/crypto/openssh/auth-chall.c,v retrieving revision 1.2.2.3 retrieving revision 1.2.2.3.2.1 diff -p -c -r1.2.2.3 -r1.2.2.3.2.1 *** crypto/openssh/auth-chall.c 3 Jul 2002 22:11:41 -0000 1.2.2.3 --- crypto/openssh/auth-chall.c 24 Sep 2003 19:50:39 -0000 1.2.2.3.2.1 *************** verify_response(Authctxt *authctxt, cons *** 80,82 **** --- 80,90 ---- authctxt->kbdintctxt = NULL; return res ? 0 : 1; } + void + abandon_challenge_response(Authctxt *authctxt) + { + if (authctxt->kbdintctxt != NULL) { + device->free_ctx(authctxt->kbdintctxt); + authctxt->kbdintctxt = NULL; + } + } Index: crypto/openssh/auth.h =================================================================== RCS file: /home/ncvs/src/crypto/openssh/auth.h,v retrieving revision 1.1.1.1.2.5 retrieving revision 1.1.1.1.2.5.2.1 diff -p -c -r1.1.1.1.2.5 -r1.1.1.1.2.5.2.1 *** crypto/openssh/auth.h 3 Jul 2002 22:11:41 -0000 1.1.1.1.2.5 --- crypto/openssh/auth.h 24 Sep 2003 19:50:39 -0000 1.1.1.1.2.5.2.1 *************** struct passwd * getpwnamallow(const char *** 160,165 **** --- 160,166 ---- char *get_challenge(Authctxt *); int verify_response(Authctxt *, const char *); + void abandon_challenge_response(Authctxt *); struct passwd * auth_get_user(void); Index: crypto/openssh/auth1.c =================================================================== RCS file: /home/ncvs/src/crypto/openssh/auth1.c,v retrieving revision 1.3.2.8 retrieving revision 1.3.2.8.2.1 diff -p -c -r1.3.2.8 -r1.3.2.8.2.1 *** crypto/openssh/auth1.c 3 Jul 2002 22:11:41 -0000 1.3.2.8 --- crypto/openssh/auth1.c 24 Sep 2003 19:50:39 -0000 1.3.2.8.2.1 *************** do_authloop(Authctxt *authctxt) *** 73,79 **** char info[1024]; u_int dlen; u_int ulen; ! int type = 0; struct passwd *pw = authctxt->pw; debug("Attempting authentication for %s%.100s.", --- 73,79 ---- char info[1024]; u_int dlen; u_int ulen; ! int prev, type = 0; struct passwd *pw = authctxt->pw; debug("Attempting authentication for %s%.100s.", *************** do_authloop(Authctxt *authctxt) *** 103,109 **** --- 103,121 ---- info[0] = '\0'; /* Get a packet from the client. */ + prev = type; type = packet_read(); + + /* + * If we started challenge-response authentication but the + * next packet is not a response to our challenge, release + * the resources allocated by get_challenge() (which would + * normally have been released by verify_response() had we + * received such a response) + */ + if (prev == SSH_CMSG_AUTH_TIS && + type != SSH_CMSG_AUTH_TIS_RESPONSE) + abandon_challenge_response(authctxt); /* Process the packet. */ switch (type) { Index: crypto/openssh/auth2-pam-freebsd.c =================================================================== RCS file: /home/ncvs/src/crypto/openssh/auth2-pam-freebsd.c,v retrieving revision 1.1.2.2 retrieving revision 1.1.2.2.2.2 diff -p -c -r1.1.2.2 -r1.1.2.2.2.2 *** crypto/openssh/auth2-pam-freebsd.c 17 Jul 2002 17:45:18 -0000 1.1.2.2 --- crypto/openssh/auth2-pam-freebsd.c 24 Sep 2003 19:16:24 -0000 1.1.2.2.2.2 *************** pam_child_conv(int n, *** 76,83 **** *resp = xmalloc(n * sizeof **resp); buffer_init(&buffer); for (i = 0; i < n; ++i) { ! resp[i]->resp_retcode = 0; ! resp[i]->resp = NULL; switch (msg[i]->msg_style) { case PAM_PROMPT_ECHO_OFF: buffer_put_cstring(&buffer, msg[i]->msg); --- 76,83 ---- *resp = xmalloc(n * sizeof **resp); buffer_init(&buffer); for (i = 0; i < n; ++i) { ! (*resp)[i].resp_retcode = 0; ! (*resp)[i].resp = NULL; switch (msg[i]->msg_style) { case PAM_PROMPT_ECHO_OFF: buffer_put_cstring(&buffer, msg[i]->msg); *************** pam_child_conv(int n, *** 85,91 **** msg_recv(ctxt->pam_sock, &buffer); if (buffer_get_char(&buffer) != PAM_AUTHTOK) goto fail; ! resp[i]->resp = buffer_get_string(&buffer, NULL); break; case PAM_PROMPT_ECHO_ON: buffer_put_cstring(&buffer, msg[i]->msg); --- 85,91 ---- msg_recv(ctxt->pam_sock, &buffer); if (buffer_get_char(&buffer) != PAM_AUTHTOK) goto fail; ! (*resp)[i].resp = buffer_get_string(&buffer, NULL); break; case PAM_PROMPT_ECHO_ON: buffer_put_cstring(&buffer, msg[i]->msg); *************** pam_child_conv(int n, *** 93,99 **** msg_recv(ctxt->pam_sock, &buffer); if (buffer_get_char(&buffer) != PAM_AUTHTOK) goto fail; ! resp[i]->resp = buffer_get_string(&buffer, NULL); break; case PAM_ERROR_MSG: buffer_put_cstring(&buffer, msg[i]->msg); --- 93,99 ---- msg_recv(ctxt->pam_sock, &buffer); if (buffer_get_char(&buffer) != PAM_AUTHTOK) goto fail; ! (*resp)[i].resp = buffer_get_string(&buffer, NULL); break; case PAM_ERROR_MSG: buffer_put_cstring(&buffer, msg[i]->msg); *************** pam_child_conv(int n, *** 111,118 **** buffer_free(&buffer); return (PAM_SUCCESS); fail: - while (i) - xfree(resp[--i]); xfree(*resp); *resp = NULL; buffer_free(&buffer); --- 111,116 ---- Index: crypto/openssh/ssh_config =================================================================== RCS file: /home/ncvs/src/crypto/openssh/ssh_config,v retrieving revision 1.2.2.6 retrieving revision 1.2.2.6.2.1 diff -p -c -r1.2.2.6 -r1.2.2.6.2.1 *** crypto/openssh/ssh_config 25 Jul 2002 16:03:44 -0000 1.2.2.6 --- crypto/openssh/ssh_config 24 Sep 2003 19:51:42 -0000 1.2.2.6.2.1 *************** *** 34,37 **** # Cipher 3des # Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc # EscapeChar ~ ! # VersionAddendum FreeBSD-20020629 --- 34,37 ---- # Cipher 3des # Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc # EscapeChar ~ ! # VersionAddendum FreeBSD-20030924 Index: crypto/openssh/sshd_config =================================================================== RCS file: /home/ncvs/src/crypto/openssh/sshd_config,v retrieving revision 1.4.2.10 retrieving revision 1.4.2.10.2.1 diff -p -c -r1.4.2.10 -r1.4.2.10.2.1 *** crypto/openssh/sshd_config 26 Jul 2002 15:18:32 -0000 1.4.2.10 --- crypto/openssh/sshd_config 24 Sep 2003 19:51:42 -0000 1.4.2.10.2.1 *************** *** 14,20 **** # Note that some of FreeBSD's defaults differ from OpenBSD's, and # FreeBSD has a few additional options. ! #VersionAddendum FreeBSD-20020629 #Port 22 #Protocol 2,1 --- 14,20 ---- # Note that some of FreeBSD's defaults differ from OpenBSD's, and # FreeBSD has a few additional options. ! #VersionAddendum FreeBSD-20030924 #Port 22 #Protocol 2,1 Index: crypto/openssh/version.h =================================================================== RCS file: /home/ncvs/src/crypto/openssh/version.h,v retrieving revision 1.1.1.1.2.9.2.2 retrieving revision 1.1.1.1.2.9.2.3 diff -p -c -r1.1.1.1.2.9.2.2 -r1.1.1.1.2.9.2.3 *** crypto/openssh/version.h 17 Sep 2003 14:51:37 -0000 1.1.1.1.2.9.2.2 --- crypto/openssh/version.h 24 Sep 2003 19:51:42 -0000 1.1.1.1.2.9.2.3 *************** *** 5,11 **** #define SSH_VERSION (ssh_version_get()) #define SSH_VERSION_BASE "OpenSSH_3.4p1" ! #define SSH_VERSION_ADDENDUM "FreeBSD-20030917" const char *ssh_version_get(void); void ssh_version_set_addendum(const char *add); --- 5,11 ---- #define SSH_VERSION (ssh_version_get()) #define SSH_VERSION_BASE "OpenSSH_3.4p1" ! #define SSH_VERSION_ADDENDUM "FreeBSD-20030924" const char *ssh_version_get(void); void ssh_version_set_addendum(const char *add);