Index: crypto/openssh/auth-chall.c =================================================================== RCS file: /home/ncvs/src/crypto/openssh/auth-chall.c,v retrieving revision 1.2.2.2.2.1 retrieving revision 1.2.2.2.2.2 diff -p -c -r1.2.2.2.2.1 -r1.2.2.2.2.2 *** crypto/openssh/auth-chall.c 16 Jul 2002 12:27:05 -0000 1.2.2.2.2.1 --- crypto/openssh/auth-chall.c 24 Sep 2003 19:53:37 -0000 1.2.2.2.2.2 *************** verify_response(Authctxt *authctxt, cons *** 80,82 **** --- 80,90 ---- authctxt->kbdintctxt = NULL; return res ? 0 : 1; } + void + abandon_challenge_response(Authctxt *authctxt) + { + if (authctxt->kbdintctxt != NULL) { + device->free_ctx(authctxt->kbdintctxt); + authctxt->kbdintctxt = NULL; + } + } Index: crypto/openssh/auth.h =================================================================== RCS file: /home/ncvs/src/crypto/openssh/auth.h,v retrieving revision 1.1.1.1.2.4.4.1 retrieving revision 1.1.1.1.2.4.4.2 diff -p -c -r1.1.1.1.2.4.4.1 -r1.1.1.1.2.4.4.2 *** crypto/openssh/auth.h 16 Jul 2002 12:33:06 -0000 1.1.1.1.2.4.4.1 --- crypto/openssh/auth.h 24 Sep 2003 19:53:37 -0000 1.1.1.1.2.4.4.2 *************** struct passwd * getpwnamallow(const char *** 160,165 **** --- 160,166 ---- char *get_challenge(Authctxt *); int verify_response(Authctxt *, const char *); + void abandon_challenge_response(Authctxt *); struct passwd * auth_get_user(void); Index: crypto/openssh/auth1.c =================================================================== RCS file: /home/ncvs/src/crypto/openssh/auth1.c,v retrieving revision 1.3.2.7.4.1 retrieving revision 1.3.2.7.4.2 diff -p -c -r1.3.2.7.4.1 -r1.3.2.7.4.2 *** crypto/openssh/auth1.c 16 Jul 2002 12:33:06 -0000 1.3.2.7.4.1 --- crypto/openssh/auth1.c 24 Sep 2003 19:53:37 -0000 1.3.2.7.4.2 *************** do_authloop(Authctxt *authctxt) *** 73,79 **** char info[1024]; u_int dlen; u_int ulen; ! int type = 0; struct passwd *pw = authctxt->pw; debug("Attempting authentication for %s%.100s.", --- 73,79 ---- char info[1024]; u_int dlen; u_int ulen; ! int prev, type = 0; struct passwd *pw = authctxt->pw; debug("Attempting authentication for %s%.100s.", *************** do_authloop(Authctxt *authctxt) *** 103,109 **** --- 103,121 ---- info[0] = '\0'; /* Get a packet from the client. */ + prev = type; type = packet_read(); + + /* + * If we started challenge-response authentication but the + * next packet is not a response to our challenge, release + * the resources allocated by get_challenge() (which would + * normally have been released by verify_response() had we + * received such a response) + */ + if (prev == SSH_CMSG_AUTH_TIS && + type != SSH_CMSG_AUTH_TIS_RESPONSE) + abandon_challenge_response(authctxt); /* Process the packet. */ switch (type) { Index: crypto/openssh/auth2-pam-freebsd.c =================================================================== RCS file: /home/ncvs/src/crypto/openssh/auth2-pam-freebsd.c,v retrieving revision 1.2.2.2 retrieving revision 1.2.2.4 diff -p -c -r1.2.2.2 -r1.2.2.4 *** crypto/openssh/auth2-pam-freebsd.c 17 Jul 2002 17:52:36 -0000 1.2.2.2 --- crypto/openssh/auth2-pam-freebsd.c 24 Sep 2003 19:16:50 -0000 1.2.2.4 *************** pam_child_conv(int n, *** 76,83 **** *resp = xmalloc(n * sizeof **resp); buffer_init(&buffer); for (i = 0; i < n; ++i) { ! resp[i]->resp_retcode = 0; ! resp[i]->resp = NULL; switch (msg[i]->msg_style) { case PAM_PROMPT_ECHO_OFF: buffer_put_cstring(&buffer, msg[i]->msg); --- 76,83 ---- *resp = xmalloc(n * sizeof **resp); buffer_init(&buffer); for (i = 0; i < n; ++i) { ! (*resp)[i].resp_retcode = 0; ! (*resp)[i].resp = NULL; switch (msg[i]->msg_style) { case PAM_PROMPT_ECHO_OFF: buffer_put_cstring(&buffer, msg[i]->msg); *************** pam_child_conv(int n, *** 85,91 **** msg_recv(ctxt->pam_sock, &buffer); if (buffer_get_char(&buffer) != PAM_AUTHTOK) goto fail; ! resp[i]->resp = buffer_get_string(&buffer, NULL); break; case PAM_PROMPT_ECHO_ON: buffer_put_cstring(&buffer, msg[i]->msg); --- 85,91 ---- msg_recv(ctxt->pam_sock, &buffer); if (buffer_get_char(&buffer) != PAM_AUTHTOK) goto fail; ! (*resp)[i].resp = buffer_get_string(&buffer, NULL); break; case PAM_PROMPT_ECHO_ON: buffer_put_cstring(&buffer, msg[i]->msg); *************** pam_child_conv(int n, *** 93,99 **** msg_recv(ctxt->pam_sock, &buffer); if (buffer_get_char(&buffer) != PAM_AUTHTOK) goto fail; ! resp[i]->resp = buffer_get_string(&buffer, NULL); break; case PAM_ERROR_MSG: buffer_put_cstring(&buffer, msg[i]->msg); --- 93,99 ---- msg_recv(ctxt->pam_sock, &buffer); if (buffer_get_char(&buffer) != PAM_AUTHTOK) goto fail; ! (*resp)[i].resp = buffer_get_string(&buffer, NULL); break; case PAM_ERROR_MSG: buffer_put_cstring(&buffer, msg[i]->msg); *************** pam_child_conv(int n, *** 111,118 **** buffer_free(&buffer); return (PAM_SUCCESS); fail: - while (i) - xfree(resp[--i]); xfree(*resp); *resp = NULL; buffer_free(&buffer); --- 111,116 ---- Index: crypto/openssh/ssh_config =================================================================== RCS file: /home/ncvs/src/crypto/openssh/ssh_config,v retrieving revision 1.2.2.4 retrieving revision 1.2.2.4.4.2 diff -p -c -r1.2.2.4 -r1.2.2.4.4.2 *** crypto/openssh/ssh_config 28 Sep 2001 01:33:35 -0000 1.2.2.4 --- crypto/openssh/ssh_config 24 Sep 2003 19:54:21 -0000 1.2.2.4.4.2 *************** *** 1,13 **** ! # This is ssh client systemwide configuration file. This file provides ! # defaults for users, and the values can be changed in per-user configuration ! # files or on the command line. ! # ! # $OpenBSD: ssh_config,v 1.10 2001/04/03 21:19:38 todd Exp $ ! # $FreeBSD$ ! # This is ssh client systemwide configuration file. See ssh(1) for more ! # information. This file provides defaults for users, and the values can ! # be changed in per-user configuration files or on the command line. # Configuration data is parsed as follows: # 1. command line options --- 1,10 ---- ! # $OpenBSD: ssh_config,v 1.15 2002/06/20 20:03:34 stevesk Exp $ ! # $FreeBSD$ ! # This is the ssh client system-wide configuration file. See ! # ssh_config(5) for more information. This file provides defaults for ! # users, and the values can be changed in per-user configuration files ! # or on the command line. # Configuration data is parsed as follows: # 1. command line options *************** Host * *** 23,40 **** # ForwardAgent no # ForwardX11 no # RhostsAuthentication no ! # RhostsRSAAuthentication yes # RSAAuthentication yes # PasswordAuthentication yes - # FallBackToRsh no - # UseRsh no # BatchMode no # CheckHostIP yes ! # StrictHostKeyChecking yes # IdentityFile ~/.ssh/identity - # IdentityFile ~/.ssh/id_dsa # IdentityFile ~/.ssh/id_rsa # Port 22 Protocol 1,2 ! # Cipher blowfish # EscapeChar ~ --- 20,37 ---- # ForwardAgent no # ForwardX11 no # RhostsAuthentication no ! # RhostsRSAAuthentication no # RSAAuthentication yes # PasswordAuthentication yes # BatchMode no # CheckHostIP yes ! # StrictHostKeyChecking ask # IdentityFile ~/.ssh/identity # IdentityFile ~/.ssh/id_rsa + # IdentityFile ~/.ssh/id_dsa # Port 22 Protocol 1,2 ! # Cipher 3des ! # Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc # EscapeChar ~ + # VersionAddendum FreeBSD-20030924 Index: crypto/openssh/sshd_config =================================================================== RCS file: /home/ncvs/src/crypto/openssh/sshd_config,v retrieving revision 1.4.2.8.2.1 retrieving revision 1.4.2.8.2.2 diff -p -c -r1.4.2.8.2.1 -r1.4.2.8.2.2 *** crypto/openssh/sshd_config 16 Jul 2002 12:33:10 -0000 1.4.2.8.2.1 --- crypto/openssh/sshd_config 24 Sep 2003 19:54:21 -0000 1.4.2.8.2.2 *************** *** 14,20 **** # Note that some of FreeBSD's defaults differ from OpenBSD's, and # FreeBSD has a few additional options. ! #VersionAddendum FreeBSD-20020629 #Port 22 #Protocol 2,1 --- 14,20 ---- # Note that some of FreeBSD's defaults differ from OpenBSD's, and # FreeBSD has a few additional options. ! #VersionAddendum FreeBSD-20030924 #Port 22 #Protocol 2,1 Index: crypto/openssh/version.h =================================================================== RCS file: /home/ncvs/src/crypto/openssh/version.h,v retrieving revision 1.1.1.1.2.8.2.3 retrieving revision 1.1.1.1.2.8.2.4 diff -p -c -r1.1.1.1.2.8.2.3 -r1.1.1.1.2.8.2.4 *** crypto/openssh/version.h 17 Sep 2003 14:52:09 -0000 1.1.1.1.2.8.2.3 --- crypto/openssh/version.h 24 Sep 2003 19:54:21 -0000 1.1.1.1.2.8.2.4 *************** *** 5,11 **** #define SSH_VERSION (ssh_version_get()) #define SSH_VERSION_BASE "OpenSSH_3.4p1" ! #define SSH_VERSION_ADDENDUM "FreeBSD-20030917" const char *ssh_version_get(void); void ssh_version_set_addendum(const char *add); --- 5,11 ---- #define SSH_VERSION (ssh_version_get()) #define SSH_VERSION_BASE "OpenSSH_3.4p1" ! #define SSH_VERSION_ADDENDUM "FreeBSD-20030924" const char *ssh_version_get(void); void ssh_version_set_addendum(const char *add);