Index: crypto/openssh/auth-chall.c =================================================================== RCS file: /home/ncvs/src/crypto/openssh/auth-chall.c,v retrieving revision 1.2.2.4 retrieving revision 1.2.2.6 diff -p -c -r1.2.2.4 -r1.2.2.6 *** crypto/openssh/auth-chall.c 3 Feb 2003 17:31:06 -0000 1.2.2.4 --- crypto/openssh/auth-chall.c 24 Sep 2003 18:25:31 -0000 1.2.2.6 *************** verify_response(Authctxt *authctxt, cons *** 93,101 **** xfree(info); } /* if we received more prompts, we're screwed */ ! res = (numprompts != 0); } device->free_ctx(authctxt->kbdintctxt); authctxt->kbdintctxt = NULL; return res ? 0 : 1; } --- 93,109 ---- xfree(info); } /* if we received more prompts, we're screwed */ ! res = (res == 0 && numprompts == 0) ? 0 : -1; } device->free_ctx(authctxt->kbdintctxt); authctxt->kbdintctxt = NULL; return res ? 0 : 1; + } + void + abandon_challenge_response(Authctxt *authctxt) + { + if (authctxt->kbdintctxt != NULL) { + device->free_ctx(authctxt->kbdintctxt); + authctxt->kbdintctxt = NULL; + } } Index: crypto/openssh/auth.h =================================================================== RCS file: /home/ncvs/src/crypto/openssh/auth.h,v retrieving revision 1.1.1.1.2.6 retrieving revision 1.1.1.1.2.7 diff -p -c -r1.1.1.1.2.6 -r1.1.1.1.2.7 *** crypto/openssh/auth.h 3 Feb 2003 17:31:06 -0000 1.1.1.1.2.6 --- crypto/openssh/auth.h 7 Apr 2003 09:56:46 -0000 1.1.1.1.2.7 *************** struct passwd * getpwnamallow(const char *** 160,165 **** --- 160,166 ---- char *get_challenge(Authctxt *); int verify_response(Authctxt *, const char *); + void abandon_challenge_response(Authctxt *); struct passwd * auth_get_user(void); Index: crypto/openssh/auth1.c =================================================================== RCS file: /home/ncvs/src/crypto/openssh/auth1.c,v retrieving revision 1.3.2.9 retrieving revision 1.3.2.10 diff -p -c -r1.3.2.9 -r1.3.2.10 *** crypto/openssh/auth1.c 3 Feb 2003 17:31:06 -0000 1.3.2.9 --- crypto/openssh/auth1.c 7 Apr 2003 09:56:46 -0000 1.3.2.10 *************** do_authloop(Authctxt *authctxt) *** 74,80 **** char info[1024]; u_int dlen; u_int ulen; ! int type = 0; struct passwd *pw = authctxt->pw; debug("Attempting authentication for %s%.100s.", --- 74,80 ---- char info[1024]; u_int dlen; u_int ulen; ! int prev, type = 0; struct passwd *pw = authctxt->pw; debug("Attempting authentication for %s%.100s.", *************** do_authloop(Authctxt *authctxt) *** 104,110 **** --- 104,122 ---- info[0] = '\0'; /* Get a packet from the client. */ + prev = type; type = packet_read(); + + /* + * If we started challenge-response authentication but the + * next packet is not a response to our challenge, release + * the resources allocated by get_challenge() (which would + * normally have been released by verify_response() had we + * received such a response) + */ + if (prev == SSH_CMSG_AUTH_TIS && + type != SSH_CMSG_AUTH_TIS_RESPONSE) + abandon_challenge_response(authctxt); /* Process the packet. */ switch (type) { Index: crypto/openssh/auth2-pam-freebsd.c =================================================================== RCS file: /home/ncvs/src/crypto/openssh/auth2-pam-freebsd.c,v retrieving revision 1.1.2.6 retrieving revision 1.1.2.8 diff -p -c -r1.1.2.6 -r1.1.2.8 *** crypto/openssh/auth2-pam-freebsd.c 7 Apr 2003 09:56:46 -0000 1.1.2.6 --- crypto/openssh/auth2-pam-freebsd.c 24 Sep 2003 19:13:34 -0000 1.1.2.8 *************** pam_thread_conv(int n, *** 134,141 **** *resp = xmalloc(n * sizeof **resp); buffer_init(&buffer); for (i = 0; i < n; ++i) { ! resp[i]->resp_retcode = 0; ! resp[i]->resp = NULL; switch (msg[i]->msg_style) { case PAM_PROMPT_ECHO_OFF: buffer_put_cstring(&buffer, msg[i]->msg); --- 134,141 ---- *resp = xmalloc(n * sizeof **resp); buffer_init(&buffer); for (i = 0; i < n; ++i) { ! (*resp)[i].resp_retcode = 0; ! (*resp)[i].resp = NULL; switch (msg[i]->msg_style) { case PAM_PROMPT_ECHO_OFF: buffer_put_cstring(&buffer, msg[i]->msg); *************** pam_thread_conv(int n, *** 143,149 **** ssh_msg_recv(ctxt->pam_csock, &buffer); if (buffer_get_char(&buffer) != PAM_AUTHTOK) goto fail; ! resp[i]->resp = buffer_get_string(&buffer, NULL); break; case PAM_PROMPT_ECHO_ON: buffer_put_cstring(&buffer, msg[i]->msg); --- 143,149 ---- ssh_msg_recv(ctxt->pam_csock, &buffer); if (buffer_get_char(&buffer) != PAM_AUTHTOK) goto fail; ! (*resp)[i].resp = buffer_get_string(&buffer, NULL); break; case PAM_PROMPT_ECHO_ON: buffer_put_cstring(&buffer, msg[i]->msg); *************** pam_thread_conv(int n, *** 151,157 **** ssh_msg_recv(ctxt->pam_csock, &buffer); if (buffer_get_char(&buffer) != PAM_AUTHTOK) goto fail; ! resp[i]->resp = buffer_get_string(&buffer, NULL); break; case PAM_ERROR_MSG: buffer_put_cstring(&buffer, msg[i]->msg); --- 151,157 ---- ssh_msg_recv(ctxt->pam_csock, &buffer); if (buffer_get_char(&buffer) != PAM_AUTHTOK) goto fail; ! (*resp)[i].resp = buffer_get_string(&buffer, NULL); break; case PAM_ERROR_MSG: buffer_put_cstring(&buffer, msg[i]->msg); *************** pam_thread_conv(int n, *** 169,176 **** buffer_free(&buffer); return (PAM_SUCCESS); fail: - while (i) - xfree(resp[--i]); xfree(*resp); *resp = NULL; buffer_free(&buffer); --- 169,174 ---- *************** pam_chauthtok_conv(int n, *** 550,569 **** for (i = 0; i < n; ++i) { switch (msg[i]->msg_style) { case PAM_PROMPT_ECHO_OFF: ! resp[i]->resp = read_passphrase(msg[i]->msg, RP_ALLOW_STDIN); ! resp[i]->resp_retcode = PAM_SUCCESS; break; case PAM_PROMPT_ECHO_ON: fputs(msg[i]->msg, stderr); fgets(input, sizeof input, stdin); ! resp[i]->resp = xstrdup(input); ! resp[i]->resp_retcode = PAM_SUCCESS; break; case PAM_ERROR_MSG: case PAM_TEXT_INFO: fputs(msg[i]->msg, stderr); ! resp[i]->resp_retcode = PAM_SUCCESS; break; default: goto fail; --- 548,567 ---- for (i = 0; i < n; ++i) { switch (msg[i]->msg_style) { case PAM_PROMPT_ECHO_OFF: ! (*resp)[i].resp = read_passphrase(msg[i]->msg, RP_ALLOW_STDIN); ! (*resp)[i].resp_retcode = PAM_SUCCESS; break; case PAM_PROMPT_ECHO_ON: fputs(msg[i]->msg, stderr); fgets(input, sizeof input, stdin); ! (*resp)[i].resp = xstrdup(input); ! (*resp)[i].resp_retcode = PAM_SUCCESS; break; case PAM_ERROR_MSG: case PAM_TEXT_INFO: fputs(msg[i]->msg, stderr); ! (*resp)[i].resp_retcode = PAM_SUCCESS; break; default: goto fail; *************** pam_chauthtok_conv(int n, *** 571,578 **** } return (PAM_SUCCESS); fail: - while (i) - xfree(resp[--i]); xfree(*resp); *resp = NULL; return (PAM_CONV_ERR); --- 569,574 ---- Index: crypto/openssh/ssh_config =================================================================== RCS file: /home/ncvs/src/crypto/openssh/ssh_config,v retrieving revision 1.2.2.8 retrieving revision 1.2.2.9 diff -p -c -r1.2.2.8 -r1.2.2.9 *** crypto/openssh/ssh_config 11 Feb 2003 12:11:54 -0000 1.2.2.8 --- crypto/openssh/ssh_config 24 Sep 2003 19:28:35 -0000 1.2.2.9 *************** *** 35,38 **** # Cipher 3des # Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc # EscapeChar ~ ! # VersionAddendum FreeBSD-20030201 --- 35,38 ---- # Cipher 3des # Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc # EscapeChar ~ ! # VersionAddendum FreeBSD-20030924 Index: crypto/openssh/sshd_config =================================================================== RCS file: /home/ncvs/src/crypto/openssh/sshd_config,v retrieving revision 1.4.2.12 retrieving revision 1.4.2.13 diff -p -c -r1.4.2.12 -r1.4.2.13 *** crypto/openssh/sshd_config 11 Feb 2003 12:11:54 -0000 1.4.2.12 --- crypto/openssh/sshd_config 24 Sep 2003 19:28:35 -0000 1.4.2.13 *************** *** 14,20 **** # Note that some of FreeBSD's defaults differ from OpenBSD's, and # FreeBSD has a few additional options. ! #VersionAddendum FreeBSD-20030201 #Port 22 #Protocol 2,1 --- 14,20 ---- # Note that some of FreeBSD's defaults differ from OpenBSD's, and # FreeBSD has a few additional options. ! #VersionAddendum FreeBSD-20030924 #Port 22 #Protocol 2,1 Index: crypto/openssh/version.h =================================================================== RCS file: /home/ncvs/src/crypto/openssh/version.h,v retrieving revision 1.1.1.1.2.12 retrieving revision 1.1.1.1.2.13 diff -p -c -r1.1.1.1.2.12 -r1.1.1.1.2.13 *** crypto/openssh/version.h 17 Sep 2003 14:41:41 -0000 1.1.1.1.2.12 --- crypto/openssh/version.h 24 Sep 2003 19:28:35 -0000 1.1.1.1.2.13 *************** *** 5,11 **** #define SSH_VERSION (ssh_version_get()) #define SSH_VERSION_BASE "OpenSSH_3.5p1" ! #define SSH_VERSION_ADDENDUM "FreeBSD-20030917" const char *ssh_version_get(void); void ssh_version_set_addendum(const char *add); --- 5,11 ---- #define SSH_VERSION (ssh_version_get()) #define SSH_VERSION_BASE "OpenSSH_3.5p1" ! #define SSH_VERSION_ADDENDUM "FreeBSD-20030924" const char *ssh_version_get(void); void ssh_version_set_addendum(const char *add); Index: crypto/openssh/sshd_config.5 =================================================================== RCS file: /home/ncvs/src/crypto/openssh/sshd_config.5,v retrieving revision 1.5.2.5 retrieving revision 1.5.2.6 diff -p -c -r1.5.2.5 -r1.5.2.6 *** crypto/openssh/sshd_config.5 11 Feb 2003 12:11:54 -0000 1.5.2.5 --- crypto/openssh/sshd_config.5 24 Sep 2003 19:28:35 -0000 1.5.2.6 *************** The default is *** 647,653 **** Specifies a string to append to the regular version string to identify OS- or site-specific modifications. The default is ! .Dq FreeBSD-20030201 . .It Cm X11DisplayOffset Specifies the first display number available for .Nm sshd Ns 's --- 647,653 ---- Specifies a string to append to the regular version string to identify OS- or site-specific modifications. The default is ! .Dq FreeBSD-20030924 . .It Cm X11DisplayOffset Specifies the first display number available for .Nm sshd Ns 's Index: crypto/openssh/ssh_config.5 =================================================================== RCS file: /home/ncvs/src/crypto/openssh/ssh_config.5,v retrieving revision 1.4.2.4 retrieving revision 1.4.2.5 diff -p -c -r1.4.2.4 -r1.4.2.5 *** crypto/openssh/ssh_config.5 11 Feb 2003 12:11:54 -0000 1.4.2.4 --- crypto/openssh/ssh_config.5 24 Sep 2003 19:28:35 -0000 1.4.2.5 *************** host key database instead of *** 616,622 **** Specifies a string to append to the regular version string to identify OS- or site-specific modifications. The default is ! .Dq FreeBSD-20030201 . .It Cm XAuthLocation Specifies the full pathname of the .Xr xauth 1 --- 616,622 ---- Specifies a string to append to the regular version string to identify OS- or site-specific modifications. The default is ! .Dq FreeBSD-20030924 . .It Cm XAuthLocation Specifies the full pathname of the .Xr xauth 1