- OpenBSD CVS updates.

[ssh.1 ssh.c] - ssh -2 [auth.c channels.c clientloop.c packet.c packet.h serverloop.c] [session.c sshconnect.c] - check payload for (illegal) extra data [ALL] - whitespace cleanup
author: Damien Miller <djm@mindrot.org> 2000-04-16 11:18:38 +1000
committer: Damien Miller <djm@mindrot.org> 2000-04-16 11:18:38 +1000
commit: 4af51306d9a51459a5bef922df1037f876ae51fe (patch)
tree: 09ecfc215fce82345a3259f8a0f384b9a67906f0
parent: 5d1705ecf9bd3216dc99a84242bcdf2e7297d307 (diff)
67 files changed, 779 insertions, 646 deletions
diff --git a/ChangeLog b/ChangeLog
index 643a97f00..f23250edf 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,7 +1,17 @@
+20000415
+ - OpenBSD CVS updates.
+   [ssh.1 ssh.c]
+   - ssh -2
+   [auth.c channels.c clientloop.c packet.c packet.h serverloop.c]
+   [session.c sshconnect.c]
+   - check payload for (illegal) extra data
+   [ALL]
+   whitespace cleanup
 20000413
 - INSTALL doc updates
 - Merged OpenBSD updates to include paths.
+ 
 20000412
 - OpenBSD CVS updates:
   - [channels.c]
diff --git a/auth-krb4.c b/auth-krb4.c
index 7e30646f8..a26842713 100644
--- a/auth-krb4.c
+++ b/auth-krb4.c
@@ -19,7 +19,7 @@ extern ServerOptions options;
 * return 1 on success, 0 on failure, -1 if krb4 is not available
 */
-int 
+int
 auth_krb4_password(struct passwd * pw, const char *password)
 {
        AUTH_DAT adata;
@@ -135,7 +135,7 @@ krb4_cleanup_proc(void *ignore)
        }
 }
-int 
+int
 krb4_init(uid_t uid)
 {
        static int cleanup_registered = 0;
@@ -179,7 +179,7 @@ krb4_init(uid_t uid)
        return 0;
 }
-int 
+int
 auth_krb4(const char *server_user, KTEXT auth, char **client)
 {
        AUTH_DAT adat = {0};
@@ -252,7 +252,7 @@ auth_krb4(const char *server_user, KTEXT auth, char **client)
 #endif /* KRB4 */
 #ifdef AFS
-int 
+int
 auth_kerberos_tgt(struct passwd *pw, const char *string)
 {
        CREDENTIALS creds;
@@ -307,7 +307,7 @@ auth_kerberos_tgt_failure:
        return 0;
 }
-int 
+int
 auth_afs_token(struct passwd *pw, const char *token_string)
 {
        CREDENTIALS creds;
diff --git a/auth-passwd.c b/auth-passwd.c
index 278212aa5..d2c2ea876 100644
--- a/auth-passwd.c
+++ b/auth-passwd.c
@@ -11,7 +11,7 @@
 #ifndef USE_PAM
-RCSID("$Id: auth-passwd.c,v 1.16 2000/01/22 23:32:03 damien Exp $");
+RCSID("$Id: auth-passwd.c,v 1.17 2000/04/16 01:18:39 damien Exp $");
 #include "packet.h"
 #include "ssh.h"
@@ -33,7 +33,7 @@ RCSID("$Id: auth-passwd.c,v 1.16 2000/01/22 23:32:03 damien Exp $");
 * Tries to authenticate the user using password.  Returns true if
 * authentication succeeds.
 */
-int 
+int
 auth_password(struct passwd * pw, const char *password)
 {
        extern ServerOptions options;
diff --git a/auth-rh-rsa.c b/auth-rh-rsa.c
index d3d90246c..150132fb4 100644
--- a/auth-rh-rsa.c
+++ b/auth-rh-rsa.c
@@ -1,21 +1,21 @@
 /*
- * 
+ *
 * auth-rh-rsa.c
- * 
+ *
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
- * 
+ *
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 *                    All rights reserved
- * 
+ *
 * Created: Sun May  7 03:08:06 1995 ylo
- * 
+ *
 * Rhosts or /etc/hosts.equiv authentication combined with RSA host
 * authentication.
 *
 */
 #include "includes.h"
-RCSID("$Id: auth-rh-rsa.c,v 1.9 2000/04/13 02:26:35 damien Exp $");
+RCSID("$Id: auth-rh-rsa.c,v 1.10 2000/04/16 01:18:39 damien Exp $");
 #ifdef HAVE_OPENSSL
 #include <openssl/bn.h>
@@ -42,7 +42,7 @@ RCSID("$Id: auth-rh-rsa.c,v 1.9 2000/04/13 02:26:35 damien Exp $");
 * its host key.  Returns true if authentication succeeds.
 */
-int 
+int
 auth_rhosts_rsa(struct passwd *pw, const char *client_user, RSA *client_host_key)
 {
        extern ServerOptions options;
diff --git a/auth-rhosts.c b/auth-rhosts.c
index 318bcfefe..6a5c13e43 100644
--- a/auth-rhosts.c
+++ b/auth-rhosts.c
@@ -1,22 +1,22 @@
 /*
- * 
+ *
 * auth-rhosts.c
- * 
+ *
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
- * 
+ *
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 *                    All rights reserved
- * 
+ *
 * Created: Fri Mar 17 05:12:18 1995 ylo
- * 
+ *
 * Rhosts authentication.  This file contains code to check whether to admit
 * the login based on rhosts authentication.  This file also processes
 * /etc/hosts.equiv.
- * 
+ *
 */
 #include "includes.h"
-RCSID("$Id: auth-rhosts.c,v 1.7 1999/12/27 12:54:55 damien Exp $");
+RCSID("$Id: auth-rhosts.c,v 1.8 2000/04/16 01:18:39 damien Exp $");
 #include "packet.h"
 #include "ssh.h"
@@ -30,7 +30,7 @@ RCSID("$Id: auth-rhosts.c,v 1.7 1999/12/27 12:54:55 damien Exp $");
 * based on the file, and returns zero otherwise.
 */
-int 
+int
 check_rhosts_file(const char *filename, const char *hostname,
                  const char *ipaddr, const char *client_user,
                  const char *server_user)
@@ -146,7 +146,7 @@ check_rhosts_file(const char *filename, const char *hostname,
 * /etc/hosts.equiv will be considered (.rhosts and .shosts are ignored).
 */
-int 
+int
 auth_rhosts(struct passwd *pw, const char *client_user)
 {
        extern ServerOptions options;
diff --git a/auth-rsa.c b/auth-rsa.c
index fff524949..e9d61f69b 100644
--- a/auth-rsa.c
+++ b/auth-rsa.c
@@ -1,22 +1,22 @@
 /*
- * 
+ *
 * auth-rsa.c
- * 
+ *
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
- * 
+ *
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 *                    All rights reserved
- * 
+ *
 * Created: Mon Mar 27 01:46:52 1995 ylo
- * 
+ *
 * RSA-based authentication.  This code determines whether to admit a login
 * based on RSA authentication.  This file also contains functions to check
 * validity of the host key.
- * 
+ *
 */
 #include "includes.h"
-RCSID("$Id: auth-rsa.c,v 1.15 2000/04/13 02:26:35 damien Exp $");
+RCSID("$Id: auth-rsa.c,v 1.16 2000/04/16 01:18:39 damien Exp $");
 #include "rsa.h"
 #include "packet.h"
@@ -244,7 +244,7 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n)
                        debug("%.100s, line %lu: bad key syntax",
                              SSH_USER_PERMITTED_KEYS, linenum);
                        packet_send_debug("%.100s, line %lu: bad key syntax",
-                                          SSH_USER_PERMITTED_KEYS, linenum);
+                                          SSH_USER_PERMITTED_KEYS, linenum);
                        continue;
                }
                /* cp now points to the comment part. */
diff --git a/auth-skey.c b/auth-skey.c
index f403a1962..056efeb9b 100644
--- a/auth-skey.c
+++ b/auth-skey.c
@@ -1,7 +1,7 @@
 #include "includes.h"
 #ifdef SKEY
-RCSID("$Id: auth-skey.c,v 1.5 1999/12/06 19:04:57 deraadt Exp $");
+RCSID("$Id: auth-skey.c,v 1.6 2000/04/14 10:30:29 markus Exp $");
 #include "ssh.h"
 #include "packet.h"
@@ -15,12 +15,12 @@ RCSID("$Id: auth-skey.c,v 1.5 1999/12/06 19:04:57 deraadt Exp $");
 /* from %OpenBSD: skeylogin.c,v 1.32 1999/08/16 14:46:56 millert Exp % */
-/* 
+/*
 * try skey authentication,
- * return 1 on success, 0 on failure, -1 if skey is not available 
+ * return 1 on success, 0 on failure, -1 if skey is not available
 */
-int 
+int
 auth_skey_password(struct passwd * pw, const char *password)
 {
        if (strncasecmp(password, "s/key", 5) == 0) {
@@ -53,18 +53,18 @@ auth_skey_password(struct passwd * pw, const char *password)
 */
 static u_int32_t
 hash_collapse(s)
-        u_char *s;
+        u_char *s;
 {
-        int len, target;
+        int len, target;
        u_int32_t i;
        
        if ((strlen(s) % sizeof(u_int32_t)) == 0)
-                target = strlen(s);    /* Multiple of 4 */
+                target = strlen(s);    /* Multiple of 4 */
        else
                target = strlen(s) - (strlen(s) % sizeof(u_int32_t));
-  
        for (i = 0, len = 0; len < target; len += 4)
-                i ^= ROUND(s + len);
+                i ^= ROUND(s + len);
        return i;
 }
diff --git a/auth.c b/auth.c
index e94a86e95..4c6f32b0a 100644
--- a/auth.c
+++ b/auth.c
@@ -5,7 +5,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: auth.c,v 1.2 2000/04/06 08:55:22 markus Exp $");
+RCSID("$OpenBSD: auth.c,v 1.4 2000/04/14 10:30:29 markus Exp $");
 #include "xmalloc.h"
 #include "rsa.h"
@@ -36,9 +36,9 @@ extern char *forced_command;
 * DenyUsers or user's primary group is listed in DenyGroups, false will
 * be returned. If AllowUsers isn't empty and user isn't listed there, or
 * if AllowGroups isn't empty and user isn't listed there, false will be
- * returned. 
+ * returned.
 * If the user's shell is not executable, false will be returned.
- * Otherwise true is returned. 
+ * Otherwise true is returned.
 */
 static int
 allowed_user(struct passwd * pw)
@@ -201,10 +201,10 @@ do_fake_authloop1(char *user)
                                packet_write_wait();
                                continue;
                        } else if (type == SSH_CMSG_AUTH_PASSWORD &&
-                                   options.password_authentication &&
+                                   options.password_authentication &&
-                                   (password = packet_get_string(&dlen)) != NULL &&
+                                   (password = packet_get_string(&dlen)) != NULL &&
-                                   dlen == 5 &&
+                                   dlen == 5 &&
-                                   strncasecmp(password, "s/key", 5) == 0 ) {
+                                   strncasecmp(password, "s/key", 5) == 0 ) {
                                packet_send_debug(skeyinfo);
                        }
                        if (password != NULL)
@@ -457,20 +457,20 @@ do_authloop(struct passwd * pw)
                        break;
                }
-                /*
+                /*
-                 * Check if the user is logging in as root and root logins
+                 * Check if the user is logging in as root and root logins
-                 * are disallowed.
+                 * are disallowed.
-                 * Note that root login is allowed for forced commands.
+                 * Note that root login is allowed for forced commands.
-                 */
+                 */
-                if (authenticated && pw->pw_uid == 0 && !options.permit_root_login) {
+                if (authenticated && pw->pw_uid == 0 && !options.permit_root_login) {
-                        if (forced_command) {
+                        if (forced_command) {
-                                log("Root login accepted for forced command.");
+                                log("Root login accepted for forced command.");
-                        } else {
+                        } else {
-                                authenticated = 0;
+                                authenticated = 0;
-                                log("ROOT LOGIN REFUSED FROM %.200s",
+                                log("ROOT LOGIN REFUSED FROM %.200s",
-                                    get_canonical_hostname());
+                                    get_canonical_hostname());
-                        }
+                        }
-                }
+                }
                /* Raise logging level */
                if (authenticated ||
@@ -685,6 +685,7 @@ input_service_request(int type, int plen)
        unsigned int len;
        int accept = 0;
        char *service = packet_get_string(&len);
+        packet_done();
        if (strcmp(service, "ssh-userauth") == 0) {
                if (!userauth_success) {
@@ -727,6 +728,7 @@ input_userauth_request(int type, int plen)
        pw = auth_set_user(user, service);
        if (pw && strcmp(service, "ssh-connection")==0) {
                if (strcmp(method, "none") == 0 && try == 1) {
+                        packet_done();
 #ifdef USE_PAM
                        /* Do PAM auth with password */
                        authenticated = auth_pam_password(pw, "");
@@ -740,6 +742,7 @@ input_userauth_request(int type, int plen)
                        if (c)
                                debug("password change not supported");
                        password = packet_get_string(&len);
+                        packet_done();
 #ifdef USE_PAM
                        /* Do PAM auth with password */
                        authenticated = auth_pam_password(pw, password);
@@ -751,11 +754,19 @@ input_userauth_request(int type, int plen)
                        xfree(password);
                } else if (strcmp(method, "publickey") == 0) {
                        /* XXX TODO */
-                        char *pkalg;
+                        char *pkalg, *pkblob, *sig;
-                        char *pkblob;
+                        int have_sig = packet_get_char();
-                        c = packet_get_char();
                        pkalg = packet_get_string(&len);
                        pkblob = packet_get_string(&len);
+                        if (have_sig) {
+                                sig = packet_get_string(&len);
+                                /* test for correct signature */
+                                packet_done();
+                                xfree(sig);
+                        } else {
+                                packet_done();
+                                /* test whether pkalg/pkblob are acceptable */
+                        }
                        xfree(pkalg);
                        xfree(pkblob);
                }
@@ -764,7 +775,6 @@ input_userauth_request(int type, int plen)
        if (authenticated) {
                /* turn off userauth */
                dispatch_set(SSH2_MSG_USERAUTH_REQUEST, &protocol_error);
-                /* success! */
                packet_start(SSH2_MSG_USERAUTH_SUCCESS);
                packet_send();
                packet_write_wait();
@@ -782,7 +792,7 @@ input_userauth_request(int type, int plen)
        xfree(user);
        xfree(method);
 }
-void 
+void
 do_authentication2()
 {
        dispatch_init(&protocol_error);
diff --git a/authfd.c b/authfd.c
index 80af9529a..d920b1f66 100644
--- a/authfd.c
+++ b/authfd.c
@@ -1,20 +1,20 @@
 /*
- * 
+ *
 * authfd.c
- * 
+ *
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
- * 
+ *
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 *                    All rights reserved
- * 
+ *
 * Created: Wed Mar 29 01:30:28 1995 ylo
- * 
+ *
 * Functions for connecting the local authentication agent.
- * 
+ *
 */
 #include "includes.h"
-RCSID("$Id: authfd.c,v 1.11 2000/04/13 02:26:35 damien Exp $");
+RCSID("$Id: authfd.c,v 1.12 2000/04/16 01:18:40 damien Exp $");
 #include "ssh.h"
 #include "rsa.h"
@@ -69,7 +69,7 @@ ssh_get_authentication_socket()
 * ssh_get_authentication_socket().
 */
-void 
+void
 ssh_close_authentication_socket(int sock)
 {
        if (getenv(SSH_AUTHSOCKET_ENV_NAME))
@@ -113,7 +113,7 @@ ssh_get_authentication_connection()
 * memory.
 */
-void 
+void
 ssh_close_authentication_connection(AuthenticationConnection *ac)
 {
        buffer_free(&ac->packet);
@@ -343,7 +343,7 @@ error_cleanup:
 * be used by normal applications.
 */
-int 
+int
 ssh_add_identity(AuthenticationConnection *auth,
                 RSA * key, const char *comment)
 {
@@ -431,7 +431,7 @@ error_cleanup:
 * meant to be used by normal applications.
 */
-int 
+int
 ssh_remove_identity(AuthenticationConnection *auth, RSA *key)
 {
        Buffer buffer;
@@ -514,7 +514,7 @@ error_cleanup:
 * by normal applications.
 */
-int 
+int
 ssh_remove_all_identities(AuthenticationConnection *auth)
 {
        Buffer buffer;
diff --git a/authfd.h b/authfd.h
index 01cfd93a5..420f592bb 100644
--- a/authfd.h
+++ b/authfd.h
@@ -1,19 +1,19 @@
 /*
- * 
+ *
 * authfd.h
- * 
+ *
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
- * 
+ *
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 *                    All rights reserved
- * 
+ *
 * Created: Wed Mar 29 01:17:41 1995 ylo
- * 
+ *
 * Functions to interface with the SSH_AUTHENTICATION_FD socket.
- * 
+ *
 */
-/* RCSID("$Id: authfd.h,v 1.4 1999/11/25 00:54:58 damien Exp $"); */
+/* RCSID("$Id: authfd.h,v 1.5 2000/04/16 01:18:40 damien Exp $"); */
 #ifndef AUTHFD_H
 #define AUTHFD_H
@@ -67,7 +67,7 @@ void    ssh_close_authentication_connection(AuthenticationConnection * ac);
 * integers before the call, and free the comment after a successful call
 * (before calling ssh_get_next_identity).
 */
-int 
+int
 ssh_get_first_identity(AuthenticationConnection * connection,
    BIGNUM * e, BIGNUM * n, char **comment);
@@ -77,13 +77,13 @@ ssh_get_first_identity(AuthenticationConnection * connection,
 * function.  This returns 0 if there are no more identities.  The caller
 * must free comment after a successful return.
 */
-int 
+int
 ssh_get_next_identity(AuthenticationConnection * connection,
    BIGNUM * e, BIGNUM * n, char **comment);
 /* Requests the agent to decrypt the given challenge.  Returns true if
   the agent claims it was able to decrypt it. */
-int 
+int
 ssh_decrypt_challenge(AuthenticationConnection * auth,
    BIGNUM * e, BIGNUM * n, BIGNUM * challenge,
    unsigned char session_id[16],
@@ -95,7 +95,7 @@ ssh_decrypt_challenge(AuthenticationConnection * auth,
 * be used by normal applications.  This returns true if the identity was
 * successfully added.
 */
-int    
+int
 ssh_add_identity(AuthenticationConnection * connection, RSA * key,
    const char *comment);
diff --git a/authfile.c b/authfile.c
index 6113ddd87..d7912d0da 100644
--- a/authfile.c
+++ b/authfile.c
@@ -1,21 +1,21 @@
 /*
- * 
+ *
 * authfile.c
- * 
+ *
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
- * 
+ *
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 *                    All rights reserved
- * 
+ *
 * Created: Mon Mar 27 03:52:05 1995 ylo
- * 
+ *
 * This file contains functions for reading and writing identity files, and
 * for reading the passphrase from the user.
- * 
+ *
 */
 #include "includes.h"
-RCSID("$Id: authfile.c,v 1.9 2000/04/13 02:26:36 damien Exp $");
+RCSID("$Id: authfile.c,v 1.10 2000/04/16 01:18:40 damien Exp $");
 #ifdef HAVE_OPENSSL
 #include <openssl/bn.h>
diff --git a/bufaux.c b/bufaux.c
index 7ebc2aa62..b4d52270a 100644
--- a/bufaux.c
+++ b/bufaux.c
@@ -1,14 +1,14 @@
 /*
- * 
+ *
 * bufaux.c
- * 
+ *
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
- * 
+ *
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 *                    All rights reserved
- * 
+ *
 * Created: Wed Mar 29 02:24:47 1995 ylo
- * 
+ *
 * Auxiliary functions for storing and retrieving various data types to/from
 * Buffers.
 *
@@ -17,7 +17,7 @@
 */
 #include "includes.h"
-RCSID("$Id: bufaux.c,v 1.10 2000/04/13 02:26:36 damien Exp $");
+RCSID("$Id: bufaux.c,v 1.11 2000/04/16 01:18:40 damien Exp $");
 #include "ssh.h"
diff --git a/bufaux.h b/bufaux.h
index b22e98bd4..80bad6ea7 100644
--- a/bufaux.h
+++ b/bufaux.h
@@ -1,17 +1,17 @@
 /*
- * 
+ *
 * bufaux.h
- * 
+ *
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
- * 
+ *
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 *                    All rights reserved
- * 
+ *
 * Created: Wed Mar 29 02:18:23 1995 ylo
- * 
+ *
 */
-/* RCSID("$Id: bufaux.h,v 1.4 2000/04/01 01:09:23 damien Exp $"); */
+/* RCSID("$Id: bufaux.h,v 1.5 2000/04/16 01:18:40 damien Exp $"); */
 #ifndef BUFAUX_H
 #define BUFAUX_H
diff --git a/buffer.c b/buffer.c
index 48ae96a42..83a63e6f0 100644
--- a/buffer.c
+++ b/buffer.c
@@ -1,20 +1,20 @@
 /*
- * 
+ *
 * buffer.c
- * 
+ *
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
- * 
+ *
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 *                    All rights reserved
- * 
+ *
 * Created: Sat Mar 18 04:15:33 1995 ylo
- * 
+ *
 * Functions for manipulating fifo buffers (that can grow if needed).
- * 
+ *
 */
 #include "includes.h"
-RCSID("$Id: buffer.c,v 1.4 2000/04/13 02:26:36 damien Exp $");
+RCSID("$Id: buffer.c,v 1.5 2000/04/16 01:18:40 damien Exp $");
 #include "xmalloc.h"
 #include "buffer.h"
@@ -22,7 +22,7 @@ RCSID("$Id: buffer.c,v 1.4 2000/04/13 02:26:36 damien Exp $");
 /* Initializes the buffer structure. */
-void 
+void
 buffer_init(Buffer *buffer)
 {
        buffer->alloc = 4096;
@@ -33,7 +33,7 @@ buffer_init(Buffer *buffer)
 /* Frees any memory used for the buffer. */
-void 
+void
 buffer_free(Buffer *buffer)
 {
        memset(buffer->buf, 0, buffer->alloc);
@@ -45,7 +45,7 @@ buffer_free(Buffer *buffer)
 * zero the memory.
 */
-void 
+void
 buffer_clear(Buffer *buffer)
 {
        buffer->offset = 0;
@@ -54,7 +54,7 @@ buffer_clear(Buffer *buffer)
 /* Appends data to the buffer, expanding it if necessary. */
-void 
+void
 buffer_append(Buffer *buffer, const char *data, unsigned int len)
 {
        char *cp;
@@ -68,7 +68,7 @@ buffer_append(Buffer *buffer, const char *data, unsigned int len)
 * to the allocated region.
 */
-void 
+void
 buffer_append_space(Buffer *buffer, char **datap, unsigned int len)
 {
        /* If the buffer is empty, start using it from the beginning. */
@@ -102,7 +102,7 @@ restart:
 /* Returns the number of bytes of data in the buffer. */
-unsigned int 
+unsigned int
 buffer_len(Buffer *buffer)
 {
        return buffer->end - buffer->offset;
@@ -110,7 +110,7 @@ buffer_len(Buffer *buffer)
 /* Gets data from the beginning of the buffer. */
-void 
+void
 buffer_get(Buffer *buffer, char *buf, unsigned int len)
 {
        if (len > buffer->end - buffer->offset)
@@ -121,7 +121,7 @@ buffer_get(Buffer *buffer, char *buf, unsigned int len)
 /* Consumes the given number of bytes from the beginning of the buffer. */
-void 
+void
 buffer_consume(Buffer *buffer, unsigned int bytes)
 {
        if (bytes > buffer->end - buffer->offset)
@@ -131,7 +131,7 @@ buffer_consume(Buffer *buffer, unsigned int bytes)
 /* Consumes the given number of bytes from the end of the buffer. */
-void 
+void
 buffer_consume_end(Buffer *buffer, unsigned int bytes)
 {
        if (bytes > buffer->end - buffer->offset)
@@ -149,7 +149,7 @@ buffer_ptr(Buffer *buffer)
 /* Dumps the contents of the buffer to stderr. */
-void 
+void
 buffer_dump(Buffer *buffer)
 {
        int i;
diff --git a/canohost.c b/canohost.c
index a11d66392..1b5790929 100644
--- a/canohost.c
+++ b/canohost.c
@@ -1,20 +1,20 @@
 /*
- * 
+ *
 * canohost.c
- * 
+ *
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
- * 
+ *
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 *                    All rights reserved
- * 
+ *
 * Created: Sun Jul  2 17:52:22 1995 ylo
- * 
+ *
 * Functions for returning the canonical host name of the remote site.
- * 
+ *
 */
 #include "includes.h"
-RCSID("$Id: canohost.c,v 1.8 2000/03/11 09:45:41 damien Exp $");
+RCSID("$Id: canohost.c,v 1.9 2000/04/16 01:18:40 damien Exp $");
 #include "packet.h"
 #include "xmalloc.h"
@@ -265,7 +265,7 @@ get_sock_port(int sock, int local)
 /* Returns remote/local port number for the current connection. */
-int 
+int
 get_port(int local)
 {
        /*
@@ -279,13 +279,13 @@ get_port(int local)
        return get_sock_port(packet_get_connection_in(), local);
 }
-int 
+int
 get_peer_port(int sock)
 {
        return get_sock_port(sock, 0);
 }
-int 
+int
 get_remote_port()
 {
        return get_port(0);
diff --git a/channels.c b/channels.c
index 957b4a428..5f3b0d113 100644
--- a/channels.c
+++ b/channels.c
@@ -1,23 +1,23 @@
 /*
- * 
+ *
 * channels.c
- * 
+ *
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
- * 
+ *
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 *                    All rights reserved
- * 
+ *
 * Created: Fri Mar 24 16:35:24 1995 ylo
- * 
+ *
 * This file contains functions for generic socket connection forwarding.
 * There is also code for initiating connection forwarding for X11 connections,
 * arbitrary tcp/ip connections, and the authentication agent connection.
- * 
+ *
 * SSH2 support added by Markus Friedl.
 */
 #include "includes.h"
-RCSID("$Id: channels.c,v 1.24 2000/04/12 10:17:38 damien Exp $");
+RCSID("$Id: channels.c,v 1.25 2000/04/16 01:18:41 damien Exp $");
 #include "ssh.h"
 #include "packet.h"
@@ -109,7 +109,7 @@ static int have_hostname_in_open = 0;
 /* Sets specific protocol options. */
-void 
+void
 channel_set_options(int hostname_in_open)
 {
        have_hostname_in_open = hostname_in_open;
@@ -121,7 +121,7 @@ channel_set_options(int hostname_in_open)
 * and the server has no way to know but to trust the client anyway.
 */
-void 
+void
 channel_permit_all_opens()
 {
        all_opens_permitted = 1;
@@ -150,7 +150,7 @@ channel_lookup(int id)
 * remote_name to be freed.
 */
-int 
+int
 channel_new(char *ctype, int type, int rfd, int wfd, int efd,
    int window, int maxpack, int extended_usage, char *remote_name)
 {
@@ -226,7 +226,7 @@ channel_new(char *ctype, int type, int rfd, int wfd, int efd,
        debug("channel %d: new [%s]", found, remote_name);
        return found;
 }
-int 
+int
 channel_allocate(int type, int sock, char *remote_name)
 {
        return channel_new("", type, sock, sock, -1, 0, 0, 0, remote_name);
@@ -234,7 +234,7 @@ channel_allocate(int type, int sock, char *remote_name)
 /* Free the channel and close its socket. */
-void 
+void
 channel_free(int id)
 {
        Channel *c = channel_lookup(id);
@@ -361,7 +361,7 @@ channel_pre_output_draining(Channel *c, fd_set * readset, fd_set * writeset)
 {
        if (buffer_len(&c->output) == 0)
                channel_free(c->self);
-        else 
+        else
                FD_SET(c->sock, writeset);
 }
@@ -540,8 +540,10 @@ channel_post_port_listener(Channel *c, fd_set * readset, fd_set * writeset)
                        packet_put_int(newch);
                        packet_put_int(c->local_window_max);
                        packet_put_int(c->local_maxpacket);
+                        /* target host and port */
                        packet_put_string(c->path, strlen(c->path));
                        packet_put_int(c->host_port);
+                        /* originator host and port */
                        packet_put_cstring(remote_hostname);
                        packet_put_int(remote_port);
                        packet_send();
@@ -782,7 +784,7 @@ channel_handler_init(void)
                channel_handler_init_15();
 }
-void 
+void
 channel_handler(chan_fn *ftab[], fd_set * readset, fd_set * writeset)
 {
        static int did_init = 0;
@@ -804,13 +806,13 @@ channel_handler(chan_fn *ftab[], fd_set * readset, fd_set * writeset)
        }
 }
-void 
+void
 channel_prepare_select(fd_set * readset, fd_set * writeset)
 {
        channel_handler(channel_pre, readset, writeset);
 }
-void 
+void
 channel_after_select(fd_set * readset, fd_set * writeset)
 {
        channel_handler(channel_post, readset, writeset);
@@ -818,7 +820,7 @@ channel_after_select(fd_set * readset, fd_set * writeset)
 /* If there is data to send to the connection, send some of it now. */
-void 
+void
 channel_output_poll()
 {
        int len, i;
@@ -909,7 +911,7 @@ channel_output_poll()
 * still there.
 */
-void 
+void
 channel_input_data(int type, int plen)
 {
        int id;
@@ -934,6 +936,7 @@ channel_input_data(int type, int plen)
        /* Get the data. */
        data = packet_get_string(&data_len);
+        packet_done();
        if (compat20){
                if (data_len > c->local_maxpacket) {
@@ -953,7 +956,7 @@ channel_input_data(int type, int plen)
        buffer_append(&c->output, data, data_len);
        xfree(data);
 }
-void 
+void
 channel_input_extended_data(int type, int plen)
 {
        int id;
@@ -980,6 +983,7 @@ channel_input_extended_data(int type, int plen)
                return;
        }
        data = packet_get_string(&data_len);
+        packet_done();
        if (data_len > c->local_window) {
                log("channel %d: rcvd too much extended_data %d, win %d",
                    c->self, data_len, c->local_window);
@@ -998,7 +1002,7 @@ channel_input_extended_data(int type, int plen)
 * more channel is overfull.
 */
-int 
+int
 channel_not_very_much_buffered_data()
 {
        unsigned int i;
@@ -1022,7 +1026,7 @@ channel_not_very_much_buffered_data()
        return 1;
 }
-void 
+void
 channel_input_ieof(int type, int plen)
 {
        int id;
@@ -1037,7 +1041,7 @@ channel_input_ieof(int type, int plen)
        chan_rcvd_ieof(c);
 }
-void 
+void
 channel_input_close(int type, int plen)
 {
        int id;
@@ -1076,7 +1080,7 @@ channel_input_close(int type, int plen)
 }
 /* proto version 1.5 overloads CLOSE_CONFIRMATION with OCLOSE */
-void 
+void
 channel_input_oclose(int type, int plen)
 {
        int id = packet_get_int();
@@ -1087,12 +1091,13 @@ channel_input_oclose(int type, int plen)
        chan_rcvd_oclose(c);
 }
-void 
+void
 channel_input_close_confirmation(int type, int plen)
 {
        int id = packet_get_int();
        Channel *c = channel_lookup(id);
+        packet_done();
        if (c == NULL)
                packet_disconnect("Received close confirmation for "
                    "out-of-range channel %d.", id);
@@ -1102,7 +1107,7 @@ channel_input_close_confirmation(int type, int plen)
        channel_free(c->self);
 }
-void 
+void
 channel_input_open_confirmation(int type, int plen)
 {
        int id, remote_id;
@@ -1125,6 +1130,7 @@ channel_input_open_confirmation(int type, int plen)
        if (compat20) {
                c->remote_window = packet_get_int();
                c->remote_maxpacket = packet_get_int();
+                packet_done();
                if (c->cb_fn != NULL && c->cb_event == type) {
                        debug("callback start");
                        c->cb_fn(c->self, c->cb_arg);
@@ -1135,7 +1141,7 @@ channel_input_open_confirmation(int type, int plen)
        }
 }
-void 
+void
 channel_input_open_failure(int type, int plen)
 {
        int id;
@@ -1153,8 +1159,11 @@ channel_input_open_failure(int type, int plen)
        if (compat20) {
                int reason = packet_get_int();
                char *msg  = packet_get_string(NULL);
+                char *lang  = packet_get_string(NULL);
                log("channel_open_failure: %d: reason %d: %s", id, reason, msg);
+                packet_done();
                xfree(msg);
+                xfree(lang);
        }
        /* Free the channel.  This will also close the socket. */
        channel_free(id);
@@ -1185,7 +1194,7 @@ debug("cb_fn %p cb_event %d", c->cb_fn , c->cb_event);
        }
 }
-void 
+void
 channel_input_window_adjust(int type, int plen)
 {
        Channel *c;
@@ -1204,6 +1213,7 @@ channel_input_window_adjust(int type, int plen)
                return;
        }
        adjust = packet_get_int();
+        packet_done();
        debug("channel %d: rcvd adjust %d", id, adjust);
        c->remote_window += adjust;
 }
@@ -1213,7 +1223,7 @@ channel_input_window_adjust(int type, int plen)
 * might have.
 */
-void 
+void
 channel_stop_listening()
 {
        int i;
@@ -1240,7 +1250,7 @@ channel_stop_listening()
 * descriptors after a fork.
 */
-void 
+void
 channel_close_all()
 {
        int i;
@@ -1252,7 +1262,7 @@ channel_close_all()
 /* Returns the maximum file descriptor number used by the channels. */
-int 
+int
 channel_max_fd()
 {
        return channel_max_fd_value;
@@ -1260,7 +1270,7 @@ channel_max_fd()
 /* Returns true if any channel is still open. */
-int 
+int
 channel_still_open()
 {
        unsigned int i;
@@ -1347,7 +1357,7 @@ channel_open_message()
 * channel to host:port from remote side.
 */
-void 
+void
 channel_request_local_forwarding(u_short port, const char *host,
                                 u_short host_port, int gateway_ports)
 {
@@ -1435,7 +1445,7 @@ channel_request_local_forwarding(u_short port, const char *host,
 * the secure channel to host:port from local side.
 */
-void 
+void
 channel_request_remote_forwarding(u_short listen_port, const char *host_to_connect,
                                  u_short port_to_connect)
 {
@@ -1478,7 +1488,7 @@ channel_request_remote_forwarding(u_short listen_port, const char *host_to_conne
 * message if there was an error).  This never returns if there was an error.
 */
-void 
+void
 channel_input_port_forward_request(int is_root)
 {
        u_short port, host_port;
@@ -1562,7 +1572,7 @@ channel_connect_to(const char *host, u_short host_port)
 * or CHANNEL_OPEN_FAILURE.
 */
-void 
+void
 channel_input_port_open(int type, int plen)
 {
        u_short host_port;
@@ -1807,7 +1817,7 @@ connect_local_xsocket(unsigned int dnr)
 * with either SSH_MSG_OPEN_CONFIRMATION or SSH_MSG_OPEN_FAILURE.
 */
-void 
+void
 x11_input_open(int type, int plen)
 {
        int remote_channel, display_number, sock = 0, newch;
@@ -1911,7 +1921,7 @@ x11_input_open(int type, int plen)
        }
        freeaddrinfo(aitop);
        if (!ai) {
-                error("connect %.100s port %d: %.100s", buf, 6000 + display_number, 
+                error("connect %.100s port %d: %.100s", buf, 6000 + display_number,
                    strerror(errno));
                goto fail;
        }
@@ -1945,7 +1955,7 @@ fail:
 * data, and enables authentication spoofing.
 */
-void 
+void
 x11_request_forwarding_with_spoofing(const char *proto, const char *data)
 {
        unsigned int data_len = (unsigned int) strlen(data) / 2;
@@ -2003,7 +2013,7 @@ x11_request_forwarding_with_spoofing(const char *proto, const char *data)
 /* Sends a message to the server to request authentication fd forwarding. */
-void 
+void
 auth_request_forwarding()
 {
        packet_start(SSH_CMSG_AGENT_REQUEST_FORWARDING);
@@ -2025,7 +2035,7 @@ auth_get_socket_name()
 /* removes the agent forwarding socket */
-void 
+void
 cleanup_socket(void)
 {
        remove(channel_forwarded_auth_socket_name);
@@ -2037,7 +2047,7 @@ cleanup_socket(void)
 * This starts forwarding authentication requests.
 */
-void 
+void
 auth_input_request_forwarding(struct passwd * pw)
 {
        int sock, newch;
@@ -2095,7 +2105,7 @@ auth_input_request_forwarding(struct passwd * pw)
 /* This is called to process an SSH_SMSG_AGENT_OPEN message. */
-void 
+void
 auth_input_open_request(int type, int plen)
 {
        int remch, sock, newch;
diff --git a/channels.h b/channels.h
index 33af09d9d..cab796440 100644
--- a/channels.h
+++ b/channels.h
@@ -1,4 +1,4 @@
-/* RCSID("$Id: channels.h,v 1.6 2000/04/04 04:39:01 damien Exp $"); */
+/* RCSID("$Id: channels.h,v 1.7 2000/04/16 01:18:41 damien Exp $"); */
 #ifndef CHANNELS_H
 #define CHANNELS_H
@@ -149,7 +149,7 @@ char   *channel_open_message(void);
 * channel to host:port from remote side.  This never returns if there was an
 * error.
 */
-void 
+void
 channel_request_local_forwarding(u_short port, const char *host,
    u_short remote_port, int gateway_ports);
@@ -159,7 +159,7 @@ channel_request_local_forwarding(u_short port, const char *host,
 * there was an error.  This registers that open requests for that port are
 * permitted.
 */
-void 
+void
 channel_request_remote_forwarding(u_short port, const char *host,
    u_short remote_port);
diff --git a/cipher.c b/cipher.c
index 1bd8f7c86..edc50dcf4 100644
--- a/cipher.c
+++ b/cipher.c
@@ -1,18 +1,18 @@
 /*
- * 
+ *
 * cipher.c
- * 
+ *
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
- * 
+ *
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 *                    All rights reserved
- * 
+ *
 * Created: Wed Apr 19 17:41:39 1995 ylo
- * 
+ *
 */
 #include "includes.h"
-RCSID("$Id: cipher.c,v 1.18 2000/04/13 02:26:36 damien Exp $");
+RCSID("$Id: cipher.c,v 1.19 2000/04/16 01:18:41 damien Exp $");
 #include "ssh.h"
 #include "cipher.h"
@@ -138,7 +138,7 @@ static char *cipher_names[] =
 * supported cipher.
 */
-unsigned int 
+unsigned int
 cipher_mask1()
 {
        unsigned int mask = 0;
@@ -146,7 +146,7 @@ cipher_mask1()
        mask |= 1 << SSH_CIPHER_BLOWFISH;
        return mask;
 }
-unsigned int 
+unsigned int
 cipher_mask2()
 {
        unsigned int mask = 0;
@@ -156,7 +156,7 @@ cipher_mask2()
        mask |= 1 << SSH_CIPHER_CAST128_CBC;
        return mask;
 }
-unsigned int 
+unsigned int
 cipher_mask()
 {
        return cipher_mask1() | cipher_mask2();
@@ -218,7 +218,7 @@ cipher_number(const char *name)
 * passphrase and using the resulting 16 bytes as the key.
 */
-void 
+void
 cipher_set_key_string(CipherContext *context, int cipher, const char *passphrase)
 {
        MD5_CTX md;
@@ -236,7 +236,7 @@ cipher_set_key_string(CipherContext *context, int cipher, const char *passphrase
 /* Selects the cipher to use and sets the key. */
-void 
+void
 cipher_set_key(CipherContext *context, int cipher, const unsigned char *key,
    int keylen)
 {
@@ -297,9 +297,9 @@ cipher_set_key(CipherContext *context, int cipher, const unsigned char *key,
        memset(padded, 0, sizeof(padded));
 }
-void 
+void
 cipher_set_key_iv(CipherContext * context, int cipher,
-    const unsigned char *key, int keylen, 
+    const unsigned char *key, int keylen,
    const unsigned char *iv, int ivlen)
 {
        /* Set cipher type. */
@@ -357,7 +357,7 @@ cipher_set_key_iv(CipherContext * context, int cipher,
 /* Encrypts data using the cipher. */
-void 
+void
 cipher_encrypt(CipherContext *context, unsigned char *dest,
               const unsigned char *src, unsigned int len)
 {
@@ -379,14 +379,14 @@ cipher_encrypt(CipherContext *context, unsigned char *dest,
        case SSH_CIPHER_BLOWFISH:
                swap_bytes(src, dest, len);
                BF_cbc_encrypt(dest, dest, len,
-                               &context->u.bf.key, context->u.bf.iv,
+                               &context->u.bf.key, context->u.bf.iv,
                               BF_ENCRYPT);
                swap_bytes(dest, dest, len);
                break;
        case SSH_CIPHER_BLOWFISH_CBC:
                BF_cbc_encrypt((void *)src, dest, len,
-                               &context->u.bf.key, context->u.bf.iv,
+                               &context->u.bf.key, context->u.bf.iv,
                               BF_ENCRYPT);
                break;
@@ -412,7 +412,7 @@ cipher_encrypt(CipherContext *context, unsigned char *dest,
 /* Decrypts data using the cipher. */
-void 
+void
 cipher_decrypt(CipherContext *context, unsigned char *dest,
               const unsigned char *src, unsigned int len)
 {
diff --git a/cipher.h b/cipher.h
index 1112bffd9..383e3444f 100644
--- a/cipher.h
+++ b/cipher.h
@@ -1,17 +1,17 @@
 /*
- * 
+ *
 * cipher.h
- * 
+ *
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
- * 
+ *
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 *                    All rights reserved
- * 
+ *
 * Created: Wed Apr 19 16:50:42 1995 ylo
- * 
+ *
 */
-/* RCSID("$Id: cipher.h,v 1.10 2000/04/13 02:26:36 damien Exp $"); */
+/* RCSID("$Id: cipher.h,v 1.11 2000/04/16 01:18:41 damien Exp $"); */
 #ifndef CIPHER_H
 #define CIPHER_H
@@ -95,29 +95,29 @@ int     ciphers_valid(const char *names);
 * Selects the cipher to use and sets the key.  If for_encryption is true,
 * the key is setup for encryption; otherwise it is setup for decryption.
 */
-void 
+void
 cipher_set_key(CipherContext * context, int cipher,
    const unsigned char *key, int keylen);
-void 
+void
 cipher_set_key_iv(CipherContext * context, int cipher,
-    const unsigned char *key, int keylen, 
+    const unsigned char *key, int keylen,
    const unsigned char *iv, int ivlen);
 /*
 * Sets key for the cipher by computing the MD5 checksum of the passphrase,
 * and using the resulting 16 bytes as the key.
 */
-void 
+void
 cipher_set_key_string(CipherContext * context, int cipher,
    const char *passphrase);
 /* Encrypts data using the cipher. */
-void 
+void
 cipher_encrypt(CipherContext * context, unsigned char *dest,
    const unsigned char *src, unsigned int len);
 /* Decrypts data using the cipher. */
-void 
+void
 cipher_decrypt(CipherContext * context, unsigned char *dest,
    const unsigned char *src, unsigned int len);
diff --git a/clientloop.c b/clientloop.c
index 91a200663..cc25ca550 100644
--- a/clientloop.c
+++ b/clientloop.c
@@ -1,22 +1,22 @@
 /*
- * 
+ *
 * clientloop.c
- * 
+ *
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
- * 
+ *
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 *                    All rights reserved
- * 
+ *
- * 
+ *
 * Created: Sat Sep 23 12:23:57 1995 ylo
- * 
+ *
 * The main loop for the interactive session (client side).
- * 
+ *
 * SSH2 support added by Markus Friedl.
 */
 #include "includes.h"
-RCSID("$Id: clientloop.c,v 1.10 2000/04/12 10:17:39 damien Exp $");
+RCSID("$Id: clientloop.c,v 1.11 2000/04/16 01:18:41 damien Exp $");
 #include "xmalloc.h"
 #include "ssh.h"
@@ -83,7 +83,7 @@ int	session_ident = -1;
 /* Returns the user\'s terminal to normal mode if it had been put in raw mode. */
-void 
+void
 leave_raw_mode()
 {
        if (!in_raw_mode)
@@ -97,7 +97,7 @@ leave_raw_mode()
 /* Puts the user\'s terminal in raw mode. */
-void 
+void
 enter_raw_mode()
 {
        struct termios tio;
@@ -123,7 +123,7 @@ enter_raw_mode()
 /* Restores stdin to blocking mode. */
-void 
+void
 leave_non_blocking()
 {
        if (in_non_blocking_mode) {
@@ -135,7 +135,7 @@ leave_non_blocking()
 /* Puts stdin terminal in non-blocking mode. */
-void 
+void
 enter_non_blocking()
 {
        in_non_blocking_mode = 1;
@@ -148,7 +148,7 @@ enter_non_blocking()
 * flag indicating that the window has changed.
 */
-void 
+void
 window_change_handler(int sig)
 {
        received_window_change_signal = 1;
@@ -160,7 +160,7 @@ window_change_handler(int sig)
 * signals must be trapped to restore terminal modes.
 */
-void 
+void
 signal_handler(int sig)
 {
        if (in_raw_mode)
@@ -177,7 +177,7 @@ signal_handler(int sig)
 * available resolution.
 */
-double 
+double
 get_current_time()
 {
        struct timeval tv;
@@ -191,7 +191,7 @@ get_current_time()
 * not appear to wake up when redirecting from /dev/null.
 */
-void 
+void
 client_check_initial_eof_on_stdin()
 {
        int len;
@@ -245,7 +245,7 @@ client_check_initial_eof_on_stdin()
 * connection.
 */
-void 
+void
 client_make_packets_from_stdin_data()
 {
        unsigned int len;
@@ -276,7 +276,7 @@ client_make_packets_from_stdin_data()
 * appropriate.
 */
-void 
+void
 client_check_window_change()
 {
        struct winsize ws;
@@ -313,7 +313,7 @@ client_check_window_change()
 * one of the file descriptors).
 */
-void 
+void
 client_wait_until_can_do_something(fd_set * readset, fd_set * writeset)
 {
        /*debug("client_wait_until_can_do_something"); */
@@ -380,7 +380,7 @@ client_wait_until_can_do_something(fd_set * readset, fd_set * writeset)
        }
 }
-void 
+void
 client_suspend_self()
 {
        struct winsize oldws, newws;
@@ -425,7 +425,7 @@ client_suspend_self()
        enter_raw_mode();
 }
-void 
+void
 client_process_net_input(fd_set * readset)
 {
        int len;
@@ -468,7 +468,7 @@ client_process_net_input(fd_set * readset)
        }
 }
-void 
+void
 client_process_input(fd_set * readset)
 {
        int len, pid;
@@ -657,7 +657,7 @@ Supported escape sequences:\r\n\
        }
 }
-void 
+void
 client_process_output(fd_set * writeset)
 {
        int len;
@@ -717,7 +717,7 @@ client_process_output(fd_set * writeset)
 * preparatory phase.
 */
-void 
+void
 client_process_buffered_input_packets()
 {
        dispatch_run(DISPATCH_NONBLOCK, &quit_pending);
@@ -730,7 +730,7 @@ client_process_buffered_input_packets()
 * character for terminating or suspending the session.
 */
-int 
+int
 client_loop(int have_pty, int escape_char_arg)
 {
        extern Options options;
@@ -953,7 +953,7 @@ client_input_exit_status(int type, int plen)
        quit_pending = 1;
 }
-void 
+void
 client_init_dispatch_20()
 {
        dispatch_init(&dispatch_protocol_error);
@@ -966,7 +966,7 @@ client_init_dispatch_20()
        dispatch_set(SSH2_MSG_CHANNEL_REQUEST, &channel_input_channel_request);
        dispatch_set(SSH2_MSG_CHANNEL_WINDOW_ADJUST, &channel_input_window_adjust);
 }
-void 
+void
 client_init_dispatch_13()
 {
        dispatch_init(NULL);
@@ -983,14 +983,14 @@ client_init_dispatch_13()
        dispatch_set(SSH_SMSG_STDOUT_DATA, &client_input_stdout_data);
        dispatch_set(SSH_SMSG_X11_OPEN, &x11_input_open);
 }
-void 
+void
 client_init_dispatch_15()
 {
        client_init_dispatch_13();
        dispatch_set(SSH_MSG_CHANNEL_CLOSE, &channel_input_ieof);
        dispatch_set(SSH_MSG_CHANNEL_CLOSE_CONFIRMATION, & channel_input_oclose);
 }
-void 
+void
 client_init_dispatch()
 {
        if (compat20)
@@ -1027,6 +1027,7 @@ client_input_channel_req(int id, void *arg)
        } else if (strcmp(rtype, "exit-status") == 0) {
                success = 1;
                exit_status = packet_get_int();
+                packet_done();
        }
        if (reply) {
                packet_start(success ?
diff --git a/compat.c b/compat.c
index d56e3e81d..4673e3fbc 100644
--- a/compat.c
+++ b/compat.c
@@ -28,7 +28,7 @@
 */
 #include "includes.h"
-RCSID("$Id: compat.c,v 1.7 2000/04/12 10:17:39 damien Exp $");
+RCSID("$Id: compat.c,v 1.8 2000/04/16 01:18:42 damien Exp $");
 #include "ssh.h"
 #include "packet.h"
@@ -39,14 +39,14 @@ int compat13 = 0;
 int compat20 = 0;
 int datafellows = 0;
-void 
+void
 enable_compat20(void)
 {
        verbose("Enabling compatibility mode for protocol 2.0");
        compat20 = 1;
        packet_set_ssh2_format();
 }
-void 
+void
 enable_compat13(void)
 {
        verbose("Enabling compatibility mode for protocol 1.3");
diff --git a/compress.c b/compress.c
index ee5cdccb5..610aaf7e6 100644
--- a/compress.c
+++ b/compress.c
@@ -1,20 +1,20 @@
 /*
- * 
+ *
 * compress.c
- * 
+ *
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
- * 
+ *
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 *                    All rights reserved
- * 
+ *
 * Created: Wed Oct 25 22:12:46 1995 ylo
- * 
+ *
 * Interface to packet compression for ssh.
- * 
+ *
 */
 #include "includes.h"
-RCSID("$Id: compress.c,v 1.5 2000/04/01 01:09:24 damien Exp $");
+RCSID("$Id: compress.c,v 1.6 2000/04/16 01:18:42 damien Exp $");
 #include "ssh.h"
 #include "buffer.h"
@@ -28,7 +28,7 @@ static z_stream outgoing_stream;
 * (as in gzip).
 */
-void 
+void
 buffer_compress_init(int level)
 {
        debug("Enabling compression at level %d.", level);
@@ -40,7 +40,7 @@ buffer_compress_init(int level)
 /* Frees any data structures allocated for compression. */
-void 
+void
 buffer_compress_uninit()
 {
        debug("compress outgoing: raw data %lu, compressed %lu, factor %.2f",
@@ -64,7 +64,7 @@ buffer_compress_uninit()
 * receiver.  This appends the compressed data to the output buffer.
 */
-void 
+void
 buffer_compress(Buffer * input_buffer, Buffer * output_buffer)
 {
        char buf[4096];
@@ -108,7 +108,7 @@ buffer_compress(Buffer * input_buffer, Buffer * output_buffer)
 * with that.  This appends the uncompressed data to the output buffer.
 */
-void 
+void
 buffer_uncompress(Buffer * input_buffer, Buffer * output_buffer)
 {
        char buf[4096];
diff --git a/compress.h b/compress.h
index 41279a0bd..f13183324 100644
--- a/compress.h
+++ b/compress.h
@@ -1,19 +1,19 @@
 /*
- * 
+ *
 * compress.h
- * 
+ *
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
- * 
+ *
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 *                    All rights reserved
- * 
+ *
 * Created: Wed Oct 25 22:12:46 1995 ylo
- * 
+ *
 * Interface to packet compression for ssh.
- * 
+ *
 */
-/* RCSID("$Id: compress.h,v 1.3 1999/11/25 00:54:59 damien Exp $"); */
+/* RCSID("$Id: compress.h,v 1.4 2000/04/16 01:18:42 damien Exp $"); */
 #ifndef COMPRESS_H
 #define COMPRESS_H
diff --git a/crc32.h b/crc32.h
index d20a8ab15..15ac29999 100644
--- a/crc32.h
+++ b/crc32.h
@@ -1,19 +1,19 @@
 /*
- * 
+ *
 * crc32.h
- * 
+ *
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
- * 
+ *
 * Copyright (c) 1992 Tatu Ylonen, Espoo, Finland
 *                    All rights reserved
- * 
+ *
 * Created: Tue Feb 11 14:37:27 1992 ylo
- * 
+ *
 * Functions for computing 32-bit CRC.
- * 
+ *
 */
-/* RCSID("$Id: crc32.h,v 1.3 1999/11/25 00:54:59 damien Exp $"); */
+/* RCSID("$Id: crc32.h,v 1.4 2000/04/16 01:18:42 damien Exp $"); */
 #ifndef CRC32_H
 #define CRC32_H
diff --git a/dispatch.c b/dispatch.c
new file mode 100644
index 000000000..50f11f3cc
--- /dev/null
+++ b/dispatch.c
@@ -0,0 +1,78 @@
+/*
+ * Copyright (c) 2000 Markus Friedl.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *      This product includes software developed by Markus Friedl.
+ * 4. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "includes.h"
+RCSID("$Id: dispatch.c,v 1.3 2000/04/16 01:18:42 damien Exp $");
+#include "ssh.h"
+#include "dispatch.h"
+#include "packet.h"
+#define DISPATCH_MIN    0
+#define DISPATCH_MAX    255
+dispatch_fn *dispatch[DISPATCH_MAX];
+void
+dispatch_protocol_error(int type, int plen)
+{
+        error("Hm, dispatch protocol error: type %d plen %d", type, plen);
+}
+void
+dispatch_init(dispatch_fn *dflt)
+{
+        int i;
+        for (i = 0; i < DISPATCH_MAX; i++)
+                dispatch[i] = dflt;
+}
+void
+dispatch_set(int type, dispatch_fn *fn)
+{
+        dispatch[type] = fn;
+}
+void
+dispatch_run(int mode, int *done)
+{
+        for (;;) {
+                int plen;
+                int type;
+                if (mode == DISPATCH_BLOCK) {
+                        type = packet_read(&plen);
+                } else {
+                        type = packet_read_poll(&plen);
+                        if (type == SSH_MSG_NONE)
+                                return;
+                }
+                if (type > 0 && type < DISPATCH_MAX && dispatch[type] != NULL)
+                        (*dispatch[type])(type, plen);
+                else
+                        packet_disconnect("protocol error: rcvd type %d", type);        
+                if (done != NULL && *done)
+                        return;
+        }
+}
diff --git a/dsa.c b/dsa.c
index 935435677..778d43d59 100644
--- a/dsa.c
+++ b/dsa.c
@@ -28,7 +28,7 @@
 */
 #include "includes.h"
-RCSID("$Id: dsa.c,v 1.3 2000/04/12 09:39:10 markus Exp $");
+RCSID("$Id: dsa.c,v 1.4 2000/04/14 10:30:31 markus Exp $");
 #include "ssh.h"
 #include "xmalloc.h"
@@ -108,7 +108,7 @@ dsa_load_private(char *filename)
        in = BIO_new(BIO_s_file());
        if (in == NULL)
                fatal("BIO_new failed");
-        if (BIO_read_filename(in, filename) <= 0) 
+        if (BIO_read_filename(in, filename) <= 0)
                fatal("BIO_read failed %s: %s", filename, strerror(errno));
        fprintf(stderr, "read DSA private key\n");
        dsa = PEM_read_bio_DSAPrivateKey(in,NULL,NULL,NULL);
@@ -182,9 +182,9 @@ dsa_sign(
        sig = DSA_do_sign(digest, evp_md->md_size, key->dsa);
-        rlen = BN_num_bytes(sig->r);
+        rlen = BN_num_bytes(sig->r);
-        slen = BN_num_bytes(sig->s);
+        slen = BN_num_bytes(sig->s);
-        if (rlen > INTBLOB_LEN || slen > INTBLOB_LEN) {
+        if (rlen > INTBLOB_LEN || slen > INTBLOB_LEN) {
                error("bad sig size %d %d", rlen, slen);
                DSA_SIG_free(sig);
                return -1;
diff --git a/getput.h b/getput.h
index 9ab5a22c1..22235f5d9 100644
--- a/getput.h
+++ b/getput.h
@@ -1,19 +1,19 @@
 /*
- * 
+ *
 * getput.h
- * 
+ *
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
- * 
+ *
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 *                    All rights reserved
- * 
+ *
 * Created: Wed Jun 28 22:36:30 1995 ylo
- * 
+ *
 * Macros for storing and retrieving data in msb first and lsb first order.
- * 
+ *
 */
-/* RCSID("$Id: getput.h,v 1.2 1999/11/24 13:26:22 damien Exp $"); */
+/* RCSID("$Id: getput.h,v 1.3 2000/04/16 01:18:42 damien Exp $"); */
 #ifndef GETPUT_H
 #define GETPUT_H
@@ -21,7 +21,7 @@
 /*------------ macros for storing/extracting msb first words -------------*/
 #define GET_32BIT(cp) (((unsigned long)(unsigned char)(cp)[0] << 24) | \
-                       ((unsigned long)(unsigned char)(cp)[1] << 16) | \
+                       ((unsigned long)(unsigned char)(cp)[1] << 16) | \
                       ((unsigned long)(unsigned char)(cp)[2] << 8) | \
                       ((unsigned long)(unsigned char)(cp)[3]))
diff --git a/hostfile.c b/hostfile.c
index c594c29aa..b027075af 100644
--- a/hostfile.c
+++ b/hostfile.c
@@ -1,20 +1,20 @@
 /*
- * 
+ *
 * hostfile.c
- * 
+ *
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
- * 
+ *
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 *                    All rights reserved
- * 
+ *
 * Created: Thu Jun 29 07:10:56 1995 ylo
- * 
+ *
 * Functions for manipulating the known hosts files.
- * 
+ *
 */
 #include "includes.h"
-RCSID("$OpenBSD: hostfile.c,v 1.15 2000/04/12 09:39:10 markus Exp $");
+RCSID("$OpenBSD: hostfile.c,v 1.16 2000/04/14 10:30:31 markus Exp $");
 #ifdef HAVE_OPENSSL
 #include <openssl/bn.h>
diff --git a/hostfile.h b/hostfile.h
index 64fe185da..c9bdd7f2e 100644
--- a/hostfile.h
+++ b/hostfile.h
@@ -10,7 +10,7 @@
 typedef enum {
        HOST_OK, HOST_NEW, HOST_CHANGED
 }       HostStatus;
-HostStatus 
+HostStatus
 check_host_in_hostfile(const char *filename, const char *host, Key *key, Key *found);
 /*
diff --git a/includes.h b/includes.h
index 746e76e58..512266762 100644
--- a/includes.h
+++ b/includes.h
@@ -1,16 +1,16 @@
 /*
- * 
+ *
 * includes.h
- * 
+ *
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
- * 
+ *
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 *                    All rights reserved
- * 
+ *
 * Created: Thu Mar 23 16:29:37 1995 ylo
- * 
+ *
 * This file includes most of the needed system headers.
- * 
+ *
 */
 #ifndef INCLUDES_H
diff --git a/kex.c b/kex.c
index c747b6c4a..4b5266937 100644
--- a/kex.c
+++ b/kex.c
@@ -28,7 +28,7 @@
 */
 #include "includes.h"
-RCSID("$Id: kex.c,v 1.4 2000/04/13 02:26:36 damien Exp $");
+RCSID("$Id: kex.c,v 1.5 2000/04/16 01:18:43 damien Exp $");
 #include "ssh.h"
 #include "ssh2.h"
@@ -149,12 +149,12 @@ void
 dump_digest(unsigned char *digest, int len)
 {
        int i;
-        for (i = 0; i< len; i++){
+        for (i = 0; i< len; i++){
-                fprintf(stderr, "%02x", digest[i]);
+                fprintf(stderr, "%02x", digest[i]);
                if(i%2!=0)
                        fprintf(stderr, " ");
        }
-        fprintf(stderr, "\n");
+        fprintf(stderr, "\n");
 }
 unsigned char *
@@ -201,7 +201,7 @@ kex_hash(
        buffer_free(&b);
 #ifdef DEBUG_KEX
-        dump_digest(digest, evp_md->md_size);
+        dump_digest(digest, evp_md->md_size);
 #endif
        return digest;
 }
@@ -345,7 +345,7 @@ choose_kex(Kex *k, char *client, char *server)
        k->name = get_match(client, server);
        if (k->name == NULL)
                fatal("no kex alg");
-        if (strcmp(k->name, KEX_DH1) != 0)
+        if (strcmp(k->name, KEX_DH1) != 0)
                fatal("bad kex alg %s", k->name);
 }
 void
diff --git a/log-client.c b/log-client.c
index 11ac45d7a..e86a2e330 100644
--- a/log-client.c
+++ b/log-client.c
@@ -1,21 +1,21 @@
 /*
- * 
+ *
 * log-client.c
- * 
+ *
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
- * 
+ *
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 *                    All rights reserved
- * 
+ *
 * Created: Mon Mar 20 21:13:40 1995 ylo
- * 
+ *
 * Client-side versions of debug(), log(), etc.  These print to stderr.
 * This is a stripped down version of log-server.c.
- * 
+ *
 */
 #include "includes.h"
-RCSID("$Id: log-client.c,v 1.5 2000/03/09 10:27:50 damien Exp $");
+RCSID("$Id: log-client.c,v 1.6 2000/04/16 01:18:43 damien Exp $");
 #include "xmalloc.h"
 #include "ssh.h"
diff --git a/log-server.c b/log-server.c
index 476e49f80..9070b6530 100644
--- a/log-server.c
+++ b/log-server.c
@@ -1,21 +1,21 @@
 /*
- * 
+ *
 * log-server.c
- * 
+ *
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
- * 
+ *
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 *                    All rights reserved
- * 
+ *
 * Created: Mon Mar 20 21:19:30 1995 ylo
- * 
+ *
 * Server-side versions of debug(), log(), etc.  These normally send the output
 * to the system log.
- * 
+ *
 */
 #include "includes.h"
-RCSID("$Id: log-server.c,v 1.8 2000/04/01 01:09:24 damien Exp $");
+RCSID("$Id: log-server.c,v 1.9 2000/04/16 01:18:43 damien Exp $");
 #include <syslog.h>
 #include "packet.h"
@@ -38,7 +38,7 @@ static int log_facility = LOG_AUTH;
 *   level      logging level
 */
-void 
+void
 log_init(char *av0, LogLevel level, SyslogFacility facility, int on_stderr)
 {
        switch (level) {
diff --git a/login.c b/login.c
index da11b245f..b4a8bafca 100644
--- a/login.c
+++ b/login.c
@@ -1,24 +1,24 @@
 /*
- * 
+ *
 * login.c
- * 
+ *
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
- * 
+ *
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 *                    All rights reserved
- * 
+ *
 * Created: Fri Mar 24 14:51:08 1995 ylo
- * 
+ *
 * This file performs some of the things login(1) normally does.  We cannot
 * easily use something like login -p -h host -f user, because there are
 * several different logins around, and it is hard to determined what kind of
 * login the current system has.  Also, we want to be able to execute commands
 * on a tty.
- * 
+ *
 */
 #include "includes.h"
-RCSID("$Id: login.c,v 1.22 2000/02/02 08:17:41 damien Exp $");
+RCSID("$Id: login.c,v 1.23 2000/04/16 01:18:43 damien Exp $");
 #if defined(HAVE_UTMPX_H) && defined(USE_UTMPX)
 # include <utmpx.h>
@@ -49,7 +49,7 @@ RCSID("$Id: login.c,v 1.22 2000/02/02 08:17:41 damien Exp $");
 * is found).  The name of the host used last time is returned in buf.
 */
-unsigned long 
+unsigned long
 get_last_login_time(uid_t uid, const char *logname,
                    char *buf, unsigned int bufsize)
 {
@@ -135,7 +135,7 @@ get_last_login_time(uid_t uid, const char *logname,
 * were more standardized.
 */
-void 
+void
 record_login(int pid, const char *ttyname, const char *user, uid_t uid,
             const char *host, struct sockaddr * addr)
 {
@@ -273,7 +273,7 @@ record_login(int pid, const char *ttyname, const char *user, uid_t uid,
 /* Records that the user has logged out. */
-void 
+void
 record_logout(int pid, const char *ttyname)
 {
 #ifdef HAVE_LIBUTIL_LOGIN
diff --git a/match.c b/match.c
index b72efca7e..ef9498599 100644
--- a/match.c
+++ b/match.c
@@ -1,20 +1,20 @@
 /*
- * 
+ *
 * match.c
- * 
+ *
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
- * 
+ *
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 *                    All rights reserved
- * 
+ *
 * Created: Thu Jun 22 01:17:50 1995 ylo
- * 
+ *
 * Simple pattern matching, with '*' and '?' as wildcards.
- * 
+ *
 */
 #include "includes.h"
-RCSID("$Id: match.c,v 1.4 2000/03/26 03:04:53 damien Exp $");
+RCSID("$Id: match.c,v 1.5 2000/04/16 01:18:43 damien Exp $");
 #include "ssh.h"
@@ -23,7 +23,7 @@ RCSID("$Id: match.c,v 1.4 2000/03/26 03:04:53 damien Exp $");
 * and * as wildcards), and zero if it does not match.
 */
-int 
+int
 match_pattern(const char *s, const char *pattern)
 {
        for (;;) {
diff --git a/mpaux.c b/mpaux.c
index 8ce89dcc4..4deefe689 100644
--- a/mpaux.c
+++ b/mpaux.c
@@ -1,21 +1,21 @@
 /*
- * 
+ *
 * mpaux.c
- * 
+ *
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
- * 
+ *
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 *                    All rights reserved
- * 
+ *
 * Created: Sun Jul 16 04:29:30 1995 ylo
- * 
+ *
 * This file contains various auxiliary functions related to multiple
 * precision integers.
- * 
+ *
 */
 #include "includes.h"
-RCSID("$Id: mpaux.c,v 1.10 2000/04/13 02:26:36 damien Exp $");
+RCSID("$Id: mpaux.c,v 1.11 2000/04/16 01:18:43 damien Exp $");
 #include "getput.h"
 #include "xmalloc.h"
diff --git a/mpaux.h b/mpaux.h
index 105bc3148..d3e24cfd6 100644
--- a/mpaux.h
+++ b/mpaux.h
@@ -1,19 +1,19 @@
 /*
- * 
+ *
 * mpaux.h
- * 
+ *
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
- * 
+ *
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 *                    All rights reserved
- * 
+ *
 * Created: Sun Jul 16 04:29:30 1995 ylo
- * 
+ *
 * This file contains various auxiliary functions related to multiple
 * precision integers.
 */
-/* RCSID("$Id: mpaux.h,v 1.4 1999/11/25 00:54:59 damien Exp $"); */
+/* RCSID("$Id: mpaux.h,v 1.5 2000/04/16 01:18:43 damien Exp $"); */
 #ifndef MPAUX_H
 #define MPAUX_H
@@ -23,7 +23,7 @@
 * session id is computed by concatenating the linearized, msb first
 * representations of host_key_n, session_key_n, and the cookie.
 */
-void 
+void
 compute_session_id(unsigned char session_id[16],
    unsigned char cookie[8],
    BIGNUM * host_key_n,
diff --git a/nchan.c b/nchan.c
index 3795d8ad4..f2dace0e4 100644
--- a/nchan.c
+++ b/nchan.c
@@ -28,7 +28,7 @@
 */
 #include "includes.h"
-RCSID("$Id: nchan.c,v 1.7 2000/04/04 04:39:02 damien Exp $");
+RCSID("$Id: nchan.c,v 1.8 2000/04/16 01:18:43 damien Exp $");
 #include "ssh.h"
@@ -389,11 +389,11 @@ chan_delete_if_full_closed2(Channel *c)
                if (!(c->flags & CHAN_CLOSE_SENT)) {
                        chan_send_close2(c);
                }
-                if ((c->flags & CHAN_CLOSE_SENT) && 
+                if ((c->flags & CHAN_CLOSE_SENT) &&
                    (c->flags & CHAN_CLOSE_RCVD)) {
                        debug("channel %d: full closed2", c->self);
                        channel_free(c->self);
-                } 
+                }
        }
 }
diff --git a/packet.c b/packet.c
index b0dfe4aa7..cb8fa15b4 100644
--- a/packet.c
+++ b/packet.c
@@ -1,14 +1,14 @@
 /*
- * 
+ *
 * packet.c
- * 
+ *
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
- * 
+ *
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 *                    All rights reserved
- * 
+ *
 * Created: Sat Mar 18 02:40:40 1995 ylo
- * 
+ *
 * This file contains code implementing the packet protocol and communication
 * with the other side.  This same code is used both on client and server side.
 *
@@ -17,7 +17,7 @@
 */
 #include "includes.h"
-RCSID("$Id: packet.c,v 1.17 2000/04/13 02:26:37 damien Exp $");
+RCSID("$Id: packet.c,v 1.18 2000/04/16 01:18:43 damien Exp $");
 #ifdef HAVE_OPENSSL
 # include <openssl/bn.h>
@@ -529,7 +529,7 @@ packet_send2()
        unsigned int packet_length = 0;
        unsigned int i, padlen, len;
        u_int32_t rand = 0;
-        static unsigned int seqnr = 0;
+        static unsigned int seqnr = 0;
        int type;
        Enc *enc   = NULL;
        Mac *mac   = NULL;
@@ -611,9 +611,9 @@ packet_send2()
        fprintf(stderr, "encrypted: ");
        buffer_dump(&output);
 #endif
-        /* increment sequence number for outgoing packets */
+        /* increment sequence number for outgoing packets */
-        if (++seqnr == 0)
+        if (++seqnr == 0)
-                log("outgoing seqnr wraps around");
+                log("outgoing seqnr wraps around");
        buffer_clear(&outgoing_packet);
        if (type == SSH2_MSG_NEWKEYS) {
@@ -877,7 +877,7 @@ packet_read_poll2(int *payload_len_ptr)
         * compute MAC over seqnr and packet,
         * increment sequence number for incoming packet
         */
-        if (mac && mac->enabled) {
+        if (mac && mac->enabled) {
                macbuf = hmac( mac->md, seqnr,
                    (unsigned char *) buffer_ptr(&incoming_packet),
                    buffer_len(&incoming_packet),
@@ -888,8 +888,8 @@ packet_read_poll2(int *payload_len_ptr)
                DBG(debug("HMAC #%d ok", seqnr));
                buffer_consume(&input, mac->mac_len);
        }
-        if (++seqnr == 0)
+        if (++seqnr == 0)
-                log("incoming seqnr wraps around");
+                log("incoming seqnr wraps around");
        /* get padlen */
        cp = buffer_ptr(&incoming_packet) + 4;
@@ -1063,6 +1063,12 @@ packet_get_raw(int *length_ptr)
        return buffer_ptr(&incoming_packet);
 }
+int
+packet_remaining(void)
+{
+        return buffer_len(&incoming_packet);
+}
 /*
 * Returns a string from the packet data.  The string is allocated using
 * xmalloc; it is the responsibility of the calling program to free it when
diff --git a/packet.h b/packet.h
index 565a9bd36..93495bbfc 100644
--- a/packet.h
+++ b/packet.h
@@ -1,19 +1,19 @@
 /*
- * 
+ *
 * packet.h
- * 
+ *
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
- * 
+ *
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 *                    All rights reserved
- * 
+ *
 * Created: Sat Mar 18 02:02:14 1995 ylo
- * 
+ *
 * Interface for the packet protocol functions.
- * 
+ *
 */
-/* RCSID("$Id: packet.h,v 1.13 2000/04/13 02:26:37 damien Exp $"); */
+/* RCSID("$Id: packet.h,v 1.14 2000/04/16 01:18:44 damien Exp $"); */
 #ifndef PACKET_H
 #define PACKET_H
@@ -52,7 +52,7 @@ void    packet_close(void);
 * key is used for both sending and reception.  However, both directions are
 * encrypted independently of each other.  Cipher types are defined in ssh.h.
 */
-void 
+void
 packet_set_encryption_key(const unsigned char *key, unsigned int keylen,
    int cipher_type);
@@ -201,6 +201,16 @@ do { \
  } \
 } while (0)
+#define packet_done() \
+do { \
+        int _len = packet_remaining(); \
+        if (_len > 0) { \
+                log("Packet integrity error (%d bytes remaining) at %s:%d", \
+                    _len ,__FILE__, __LINE__); \
+                packet_disconnect("Packet integrity error."); \
+        } \
+} while (0)
 /* remote host is connected via a socket/ipv4 */
 int     packet_connection_is_on_socket(void);
 int     packet_connection_is_ipv4(void);
@@ -208,4 +218,7 @@ int	packet_connection_is_ipv4(void);
 /* enable SSH2 packet format */
 void    packet_set_ssh2_format(void);
+/* returns remaining payload bytes */
+int     packet_remaining(void);
 #endif                          /* PACKET_H */
diff --git a/pty.c b/pty.c
index c34f1f5dc..c6af6f471 100644
--- a/pty.c
+++ b/pty.c
@@ -1,20 +1,20 @@
 /*
- * 
+ *
 * pty.c
- * 
+ *
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
- * 
+ *
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 *                    All rights reserved
- * 
+ *
 * Created: Fri Mar 17 04:37:25 1995 ylo
- * 
+ *
 * Allocating a pseudo-terminal, and making it the controlling tty.
- * 
+ *
 */
 #include "includes.h"
-RCSID("$Id: pty.c,v 1.17 2000/03/17 12:58:59 damien Exp $");
+RCSID("$Id: pty.c,v 1.18 2000/04/16 01:18:44 damien Exp $");
 #ifdef HAVE_UTIL_H
 # include <util.h>
@@ -46,7 +46,7 @@ RCSID("$Id: pty.c,v 1.17 2000/03/17 12:58:59 damien Exp $");
 * returned (the buffer must be able to hold at least 64 characters).
 */
-int 
+int
 pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, int namebuflen)
 {
 #if defined(HAVE_OPENPTY) || defined(BSD4_4)
@@ -186,7 +186,7 @@ pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, int namebuflen)
 /* Releases the tty.  Its ownership is returned to root, and permissions to 0666. */
-void 
+void
 pty_release(const char *ttyname)
 {
        if (chown(ttyname, (uid_t) 0, (gid_t) 0) < 0)
@@ -197,7 +197,7 @@ pty_release(const char *ttyname)
 /* Makes the tty the processes controlling tty and sets it to sane modes. */
-void 
+void
 pty_make_controlling_tty(int *ttyfd, const char *ttyname)
 {
        int fd;
@@ -250,7 +250,7 @@ pty_make_controlling_tty(int *ttyfd, const char *ttyname)
 /* Changes the window size associated with the pty. */
-void 
+void
 pty_change_window_size(int ptyfd, int row, int col,
                       int xpixel, int ypixel)
 {
diff --git a/pty.h b/pty.h
index af6c279d7..a9bdeaee8 100644
--- a/pty.h
+++ b/pty.h
@@ -1,19 +1,19 @@
 /*
- * 
+ *
 * pty.h
- * 
+ *
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
- * 
+ *
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 *                    All rights reserved
- * 
+ *
 * Created: Fri Mar 17 05:03:28 1995 ylo
- * 
+ *
 * Functions for allocating a pseudo-terminal and making it the controlling
 * tty.
 */
-/* RCSID("$Id: pty.h,v 1.7 2000/04/01 01:09:25 damien Exp $"); */
+/* RCSID("$Id: pty.h,v 1.8 2000/04/16 01:18:44 damien Exp $"); */
 #ifndef PTY_H
 #define PTY_H
@@ -39,7 +39,7 @@ void    pty_release(const char *ttyname);
 void    pty_make_controlling_tty(int *ttyfd, const char *ttyname);
 /* Changes the window size associated with the pty. */
-void 
+void
 pty_change_window_size(int ptyfd, int row, int col,
    int xpixel, int ypixel);
diff --git a/radix.c b/radix.c
index ea7f5ba2b..84e390fd1 100644
--- a/radix.c
+++ b/radix.c
@@ -1,10 +1,10 @@
 /*
 *   radix.c
- * 
+ *
 *   base-64 encoding pinched from lynx2-7-2, who pinched it from rpem.
 *   Originally written by Mark Riordan 12 August 1990 and 17 Feb 1991
 *   and placed in the public domain.
- * 
+ *
 *   Dug Song <dugsong@UMICH.EDU>
 */
@@ -23,7 +23,7 @@ char six2pr[64] = {
 unsigned char pr2six[256];
-int 
+int
 uuencode(unsigned char *bufin, unsigned int nbytes, char *bufcoded)
 {
        /* ENC is the basic 1 character encoding function to make a char printing */
@@ -49,7 +49,7 @@ uuencode(unsigned char *bufin, unsigned int nbytes, char *bufcoded)
        return (outptr - bufcoded);
 }
-int 
+int
 uudecode(const char *bufcoded, unsigned char *bufplain, int outbufsize)
 {
        /* single character decode */
@@ -162,7 +162,7 @@ typedef unsigned short my_u_short;
 }
-int 
+int
 creds_to_radix(CREDENTIALS *creds, unsigned char *buf)
 {
        char *p, *s;
@@ -216,7 +216,7 @@ creds_to_radix(CREDENTIALS *creds, unsigned char *buf)
        return (uuencode((unsigned char *)temp, len, (char *)buf));
 }
-int 
+int
 radix_to_creds(const char *buf, CREDENTIALS *creds)
 {
diff --git a/readconf.c b/readconf.c
index 1ba70c36a..3b75290f3 100644
--- a/readconf.c
+++ b/readconf.c
@@ -1,20 +1,20 @@
 /*
- * 
+ *
 * readconf.c
- * 
+ *
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
- * 
+ *
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 *                    All rights reserved
- * 
+ *
 * Created: Sat Apr 22 00:03:10 1995 ylo
- * 
+ *
 * Functions for reading the configuration files.
- * 
+ *
 */
 #include "includes.h"
-RCSID("$Id: readconf.c,v 1.10 2000/04/12 10:17:40 damien Exp $");
+RCSID("$Id: readconf.c,v 1.11 2000/04/16 01:18:44 damien Exp $");
 #include "ssh.h"
 #include "cipher.h"
@@ -167,7 +167,7 @@ static struct {
 * error.
 */
-void 
+void
 add_local_forward(Options *options, u_short port, const char *host,
                  u_short host_port)
 {
@@ -188,7 +188,7 @@ add_local_forward(Options *options, u_short port, const char *host,
 * an error.
 */
-void 
+void
 add_remote_forward(Options *options, u_short port, const char *host,
                   u_short host_port)
 {
@@ -207,7 +207,7 @@ add_remote_forward(Options *options, u_short port, const char *host,
 * returns if the token is not known.
 */
-static OpCodes 
+static OpCodes
 parse_token(const char *cp, const char *filename, int linenum)
 {
        unsigned int i;
@@ -567,7 +567,7 @@ parse_int:
 * there is an error.  If the file does not exist, this returns immediately.
 */
-void 
+void
 read_config_file(const char *filename, const char *host, Options *options)
 {
        FILE *f;
@@ -607,7 +607,7 @@ read_config_file(const char *filename, const char *host, Options *options)
 * system config file.  Last, fill_default_options is called.
 */
-void 
+void
 initialize_options(Options * options)
 {
        memset(options, 'X', sizeof(*options));
@@ -658,7 +658,7 @@ initialize_options(Options * options)
 * options for which no value has been specified with their default values.
 */
-void 
+void
 fill_default_options(Options * options)
 {
        if (options->forward_agent == -1)
diff --git a/readconf.h b/readconf.h
index 86f342d37..0582a8f2e 100644
--- a/readconf.h
+++ b/readconf.h
@@ -1,19 +1,19 @@
 /*
- * 
+ *
 * readconf.h
- * 
+ *
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
- * 
+ *
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 *                    All rights reserved
- * 
+ *
 * Created: Sat Apr 22 00:25:29 1995 ylo
- * 
+ *
 * Functions for reading the configuration file.
- * 
+ *
 */
-/* RCSID("$Id: readconf.h,v 1.7 2000/04/12 10:17:40 damien Exp $"); */
+/* RCSID("$Id: readconf.h,v 1.8 2000/04/16 01:18:44 damien Exp $"); */
 #ifndef READCONF_H
 #define READCONF_H
@@ -106,7 +106,7 @@ void    fill_default_options(Options * options);
 * only sets those values that have not already been set. Returns 0 for legal
 * options
 */
-int 
+int
 process_config_line(Options * options, const char *host,
    char *line, const char *filename, int linenum,
    int *activep);
@@ -116,7 +116,7 @@ process_config_line(Options * options, const char *host,
 * should already be initialized before this call.  This never returns if
 * there is an error.  If the file does not exist, this returns immediately.
 */
-void 
+void
 read_config_file(const char *filename, const char *host,
    Options * options);
@@ -124,7 +124,7 @@ read_config_file(const char *filename, const char *host,
 * Adds a local TCP/IP port forward to options.  Never returns if there is an
 * error.
 */
-void 
+void
 add_local_forward(Options * options, u_short port, const char *host,
    u_short host_port);
@@ -132,7 +132,7 @@ add_local_forward(Options * options, u_short port, const char *host,
 * Adds a remote TCP/IP port forward to options.  Never returns if there is
 * an error.
 */
-void 
+void
 add_remote_forward(Options * options, u_short port, const char *host,
    u_short host_port);
diff --git a/readpass.c b/readpass.c
index edeb23864..e3402b480 100644
--- a/readpass.c
+++ b/readpass.c
@@ -32,7 +32,7 @@
 */
 #include "includes.h"
-RCSID("$Id: readpass.c,v 1.5 2000/01/22 08:47:21 damien Exp $");
+RCSID("$Id: readpass.c,v 1.6 2000/04/16 01:18:44 damien Exp $");
 #include "xmalloc.h"
 #include "ssh.h"
@@ -58,7 +58,7 @@ read_passphrase(const char *prompt, int from_stdin)
        sigset_t oset, nset;
        struct sigaction sa, osa;
        int input, output, echo = 0;
-  
        if (from_stdin) {
                input = STDIN_FILENO;
                output = STDERR_FILENO;
diff --git a/rsa.c b/rsa.c
index 0385a102c..1e8c434f9 100644
--- a/rsa.c
+++ b/rsa.c
@@ -1,41 +1,41 @@
 /*
- * 
+ *
 * rsa.c
- * 
+ *
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
- * 
+ *
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 *                    All rights reserved
- * 
+ *
 * Created: Fri Mar  3 22:07:06 1995 ylo
- * 
+ *
 * Description of the RSA algorithm can be found e.g. from the following sources:
- * 
+ *
 *   Bruce Schneier: Applied Cryptography.  John Wiley & Sons, 1994.
- * 
+ *
 *   Jennifer Seberry and Josed Pieprzyk: Cryptography: An Introduction to
 *   Computer Security.  Prentice-Hall, 1989.
- * 
+ *
 *   Man Young Rhee: Cryptography and Secure Data Communications.  McGraw-Hill,
 *   1994.
- * 
+ *
 *   R. Rivest, A. Shamir, and L. M. Adleman: Cryptographic Communications
 *   System and Method.  US Patent 4,405,829, 1983.
- * 
+ *
 *   Hans Riesel: Prime Numbers and Computer Methods for Factorization.
 *   Birkhauser, 1994.
- * 
+ *
 *   The RSA Frequently Asked Questions document by RSA Data Security, Inc., 1995.
- * 
+ *
 *   RSA in 3 lines of perl by Adam Back <aba@atlax.ex.ac.uk>, 1995, as included
 *   below:
- * 
+ *
 *     [gone - had to be deleted - what a pity]
- * 
+ *
 */
 #include "includes.h"
-RCSID("$Id: rsa.c,v 1.13 2000/04/04 04:57:08 damien Exp $");
+RCSID("$Id: rsa.c,v 1.14 2000/04/16 01:18:45 damien Exp $");
 #include "rsa.h"
 #include "ssh.h"
diff --git a/rsa.h b/rsa.h
index bc6c7f10a..e819c5f23 100644
--- a/rsa.h
+++ b/rsa.h
@@ -1,19 +1,19 @@
 /*
- * 
+ *
 * rsa.h
- * 
+ *
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
- * 
+ *
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 *                    All rights reserved
- * 
+ *
 * Created: Fri Mar  3 22:01:06 1995 ylo
- * 
+ *
 * RSA key generation, encryption and decryption.
- * 
+ *
 */
-/* RCSID("$Id: rsa.h,v 1.7 2000/04/13 02:26:37 damien Exp $"); */
+/* RCSID("$Id: rsa.h,v 1.8 2000/04/16 01:18:45 damien Exp $"); */
 #ifndef RSA_H
 #define RSA_H
diff --git a/scp.c b/scp.c
index 9f1015249..2bd3ed2bd 100644
--- a/scp.c
+++ b/scp.c
@@ -1,13 +1,13 @@
 /*
- * 
+ *
 * scp - secure remote copy.  This is basically patched BSD rcp which uses ssh
 * to do the data transfer (instead of using rcmd).
- * 
+ *
 * NOTE: This version should NOT be suid root.  (This uses ssh to do the transfer
 * and ssh has the necessary privileges.)
- * 
+ *
 * 1995 Timo Rinne <tri@iki.fi>, Tatu Ylonen <ylo@cs.hut.fi>
- * 
+ *
 */
 /*
@@ -45,7 +45,7 @@
 */
 #include "includes.h"
-RCSID("$Id: scp.c,v 1.18 2000/03/17 12:40:16 damien Exp $");
+RCSID("$Id: scp.c,v 1.19 2000/04/16 01:18:45 damien Exp $");
 #include "ssh.h"
 #include "xmalloc.h"
@@ -109,7 +109,7 @@ char *port = NULL;
 * assigns the input and output file descriptors on success.
 */
-int 
+int
 do_cmd(char *host, char *remuser, char *cmd, int *fdin, int *fdout)
 {
        int pin[2], pout[2], reserved[2];
@@ -194,7 +194,7 @@ do_cmd(char *host, char *remuser, char *cmd, int *fdin, int *fdout)
        return 0;
 }
-void 
+void
 fatal(const char *fmt,...)
 {
        va_list ap;
@@ -257,10 +257,10 @@ main(argc, argv)
                switch (ch) {
                /* User-visible flags. */
                case '4':
-                        IPv4 = 1;
+                        IPv4 = 1;
                        break;
                case '6':
-                        IPv6 = 1;
+                        IPv6 = 1;
                        break;
                case 'p':
                        pflag = 1;
@@ -1008,7 +1008,7 @@ run_err(const char *fmt,...)
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
- *      $Id: scp.c,v 1.18 2000/03/17 12:40:16 damien Exp $
+ *      $Id: scp.c,v 1.19 2000/04/16 01:18:45 damien Exp $
 */
 char *
diff --git a/servconf.c b/servconf.c
index 918fb8ed2..fe72d2757 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1,18 +1,18 @@
 /*
- * 
+ *
 * servconf.c
- * 
+ *
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
- * 
+ *
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 *                    All rights reserved
- * 
+ *
 * Created: Mon Aug 21 15:48:58 1995 ylo
- * 
+ *
 */
 #include "includes.h"
-RCSID("$Id: servconf.c,v 1.11 2000/04/12 10:17:40 damien Exp $");
+RCSID("$Id: servconf.c,v 1.12 2000/04/16 01:18:45 damien Exp $");
 #include "ssh.h"
 #include "servconf.h"
@@ -24,7 +24,7 @@ void add_listen_addr(ServerOptions *options, char *addr);
 /* Initializes the server options to their default values. */
-void 
+void
 initialize_server_options(ServerOptions *options)
 {
        memset(options, 0, sizeof(*options));
@@ -73,7 +73,7 @@ initialize_server_options(ServerOptions *options)
        options->protocol = SSH_PROTO_UNKNOWN;
 }
-void 
+void
 fill_default_server_options(ServerOptions *options)
 {
        if (options->num_ports == 0)
@@ -226,7 +226,7 @@ static struct {
 * returns if the token is not known.
 */
-static ServerOpCodes 
+static ServerOpCodes
 parse_token(const char *cp, const char *filename,
            int linenum)
 {
@@ -244,7 +244,7 @@ parse_token(const char *cp, const char *filename,
 /*
 * add listen address
 */
-void 
+void
 add_listen_addr(ServerOptions *options, char *addr)
 {
        extern int IPv4or6;
@@ -274,7 +274,7 @@ add_listen_addr(ServerOptions *options, char *addr)
 /* Reads the server configuration file. */
-void 
+void
 read_server_config(ServerOptions *options, const char *filename)
 {
        FILE *f;
@@ -310,7 +310,7 @@ read_server_config(ServerOptions *options, const char *filename)
                                    "ListenAdress.\n", filename, linenum);
                        if (options->num_ports >= MAX_PORTS)
                                fatal("%s line %d: too many ports.\n",
-                                    filename, linenum);
+                                    filename, linenum);
                        cp = strtok(NULL, WHITESPACE);
                        if (!cp)
                                fatal("%s line %d: missing port number.\n",
diff --git a/servconf.h b/servconf.h
index 2a3686245..b8e8163dd 100644
--- a/servconf.h
+++ b/servconf.h
@@ -1,19 +1,19 @@
 /*
- * 
+ *
 * servconf.h
- * 
+ *
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
- * 
+ *
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 *                    All rights reserved
- * 
+ *
 * Created: Mon Aug 21 15:35:03 1995 ylo
- * 
+ *
 * Definitions for server configuration data and for the functions reading it.
- * 
+ *
 */
-/* RCSID("$Id: servconf.h,v 1.8 2000/04/12 10:17:40 damien Exp $"); */
+/* RCSID("$Id: servconf.h,v 1.9 2000/04/16 01:18:45 damien Exp $"); */
 #ifndef SERVCONF_H
 #define SERVCONF_H
diff --git a/serverloop.c b/serverloop.c
index 0ea57faa0..a7abbe404 100644
--- a/serverloop.c
+++ b/serverloop.c
@@ -59,7 +59,7 @@ static volatile int child_wait_status;	/* Status from wait(). */
 void    server_init_dispatch(void);
-void 
+void
 sigchld_handler(int sig)
 {
        int save_errno = errno;
@@ -78,7 +78,7 @@ sigchld_handler(int sig)
        signal(SIGCHLD, sigchld_handler);
        errno = save_errno;
 }
-void 
+void
 sigchld_handler2(int sig)
 {
        int save_errno = errno;
@@ -92,7 +92,7 @@ sigchld_handler2(int sig)
 * Make packets from buffered stderr data, and buffer it for sending
 * to the client.
 */
-void 
+void
 make_packets_from_stderr_data()
 {
        int len;
@@ -121,7 +121,7 @@ make_packets_from_stderr_data()
 * Make packets from buffered stdout data, and buffer it for sending to the
 * client.
 */
-void 
+void
 make_packets_from_stdout_data()
 {
        int len;
@@ -152,7 +152,7 @@ make_packets_from_stdout_data()
 * have data or can accept data.  Optionally, a maximum time can be specified
 * for the duration of the wait (0 = infinite).
 */
-void 
+void
 wait_until_can_do_something(fd_set * readset, fd_set * writeset,
                            unsigned int max_time_milliseconds)
 {
@@ -246,7 +246,7 @@ retry_select:
 * Processes input from the client and the program.  Input data is stored
 * in buffers and processed later.
 */
-void 
+void
 process_input(fd_set * readset)
 {
        int len;
@@ -299,7 +299,7 @@ process_input(fd_set * readset)
 /*
 * Sends data from internal buffers to client program stdin.
 */
-void 
+void
 process_output(fd_set * writeset)
 {
        int len;
@@ -334,7 +334,7 @@ process_output(fd_set * writeset)
 * Wait until all buffered output has been sent to the client.
 * This is used when the program terminates.
 */
-void 
+void
 drain_output()
 {
        /* Send any buffered stdout data to the client. */
@@ -359,7 +359,7 @@ drain_output()
        packet_write_wait();
 }
-void 
+void
 process_buffered_input_packets()
 {
        dispatch_run(DISPATCH_NONBLOCK, NULL);
@@ -372,7 +372,7 @@ process_buffered_input_packets()
 * stdin (of the child program), and reads from stdout and stderr (of the
 * child program).
 */
-void 
+void
 server_loop(int pid, int fdin_arg, int fdout_arg, int fderr_arg)
 {
        int wait_status, wait_pid;      /* Status and pid returned by wait(). */
@@ -604,7 +604,7 @@ server_loop(int pid, int fdin_arg, int fdout_arg, int fderr_arg)
        /* NOTREACHED */
 }
-void 
+void
 server_loop2(void)
 {
        fd_set readset, writeset;
@@ -697,16 +697,17 @@ int
 input_direct_tcpip(void)
 {
        int sock;
-        char *host, *originator;
+        char *target, *originator;
-        int host_port, originator_port;
+        int target_port, originator_port;
-        host = packet_get_string(NULL);
+        target = packet_get_string(NULL);
-        host_port = packet_get_int();
+        target_port = packet_get_int();
        originator = packet_get_string(NULL);
        originator_port = packet_get_int();
+        packet_done();
        /* XXX check permission */
-        sock = channel_connect_to(host, host_port);
+        sock = channel_connect_to(target, target_port);
-        xfree(host);
+        xfree(target);
        xfree(originator);
        if (sock < 0)
                return -1;
@@ -714,7 +715,7 @@ input_direct_tcpip(void)
            sock, sock, -1, 4*1024, 32*1024, 0, xstrdup("direct-tcpip"));
 }
-void 
+void
 server_input_channel_open(int type, int plen)
 {
        Channel *c = NULL;
@@ -735,6 +736,7 @@ server_input_channel_open(int type, int plen)
        if (strcmp(ctype, "session") == 0) {
                debug("open session");
+                packet_done();
                /*
                 * A server session has no fd to read or write
                 * until a CHANNEL_REQUEST for a shell is made,
@@ -783,7 +785,7 @@ server_input_channel_open(int type, int plen)
        xfree(ctype);
 }
-void 
+void
 server_init_dispatch_20()
 {
        debug("server_init_dispatch_20");
@@ -798,7 +800,7 @@ server_init_dispatch_20()
        dispatch_set(SSH2_MSG_CHANNEL_REQUEST, &channel_input_channel_request);
        dispatch_set(SSH2_MSG_CHANNEL_WINDOW_ADJUST, &channel_input_window_adjust);
 }
-void 
+void
 server_init_dispatch_13()
 {
        debug("server_init_dispatch_13");
@@ -813,7 +815,7 @@ server_init_dispatch_13()
        dispatch_set(SSH_MSG_CHANNEL_OPEN_FAILURE, &channel_input_open_failure);
        dispatch_set(SSH_MSG_PORT_OPEN, &channel_input_port_open);
 }
-void 
+void
 server_init_dispatch_15()
 {
        server_init_dispatch_13();
@@ -821,7 +823,7 @@ server_init_dispatch_15()
        dispatch_set(SSH_MSG_CHANNEL_CLOSE, &channel_input_ieof);
        dispatch_set(SSH_MSG_CHANNEL_CLOSE_CONFIRMATION, &channel_input_oclose);
 }
-void 
+void
 server_init_dispatch()
 {
        if (compat20)
diff --git a/session.c b/session.c
index 835a46945..8d8ff223e 100644
--- a/session.c
+++ b/session.c
@@ -8,7 +8,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: session.c,v 1.2 2000/04/06 08:55:22 markus Exp $");
+RCSID("$OpenBSD: session.c,v 1.4 2000/04/14 10:30:33 markus Exp $");
 #include "xmalloc.h"
 #include "ssh.h"
@@ -113,7 +113,7 @@ xauthfile_cleanup_proc(void *ignore)
 * Function to perform cleanup if we get aborted abnormally (e.g., due to a
 * dropped connection).
 */
-void 
+void
 pty_cleanup_proc(void *session)
 {
        Session *s=session;
@@ -136,7 +136,7 @@ pty_cleanup_proc(void *session)
 * terminals are allocated, X11, TCP/IP, and authentication agent forwardings
 * are requested, etc.
 */
-void 
+void
 do_authenticated(struct passwd * pw)
 {
        Session *s;
@@ -366,7 +366,7 @@ do_authenticated(struct passwd * pw)
 * will call do_child from the child, and server_loop from the parent after
 * setting up file descriptors and such.
 */
-void 
+void
 do_exec_no_pty(Session *s, const char *command, struct passwd * pw)
 {
        int pid;
@@ -487,7 +487,7 @@ do_exec_no_pty(Session *s, const char *command, struct passwd * pw)
 * setting up file descriptors, controlling tty, updating wtmp, utmp,
 * lastlog, and other such operations.
 */
-void 
+void
 do_exec_pty(Session *s, const char *command, struct passwd * pw)
 {
        FILE *f;
@@ -660,7 +660,7 @@ do_exec_pty(Session *s, const char *command, struct passwd * pw)
 * Sets the value of the given variable in the environment.  If the variable
 * already exists, its value is overriden.
 */
-void 
+void
 child_set_env(char ***envp, unsigned int *envsizep, const char *name,
              const char *value)
 {
@@ -701,7 +701,7 @@ child_set_env(char ***envp, unsigned int *envsizep, const char *name,
 * Otherwise, it must consist of empty lines, comments (line starts with '#')
 * and assignments of the form name=value.  No other forms are allowed.
 */
-void 
+void
 read_environment_file(char ***env, unsigned int *envsize,
                      const char *filename)
 {
@@ -770,7 +770,7 @@ void do_pam_environment(char ***env, int *envsize)
 * environment, closing extra file descriptors, setting the user and group
 * ids, and executing the command or shell.
 */
-void 
+void
 do_child(const char *command, struct passwd * pw, const char *term,
         const char *display, const char *auth_proto,
         const char *auth_data, const char *ttyname)
@@ -1202,6 +1202,7 @@ session_window_change_req(Session *s)
        s->row = packet_get_int();
        s->xpixel = packet_get_int();
        s->ypixel = packet_get_int();
+        packet_done();
        pty_change_window_size(s->ptyfd, s->row, s->col, s->xpixel, s->ypixel);
        return 1;
 }
@@ -1210,14 +1211,17 @@ int
 session_pty_req(Session *s)
 {
        unsigned int len;
+        char *term_modes;       /* encoded terminal modes */
        if (s->ttyfd != -1)
-                return -1;
+                return 0;
        s->term = packet_get_string(&len);
        s->col = packet_get_int();
        s->row = packet_get_int();
        s->xpixel = packet_get_int();
        s->ypixel = packet_get_int();
+        term_modes = packet_get_string(&len);
+        packet_done();
        if (strcmp(s->term, "") == 0) {
                xfree(s->term);
@@ -1230,7 +1234,8 @@ session_pty_req(Session *s)
                s->ptyfd = -1;
                s->ttyfd = -1;
                error("session_pty_req: session %d alloc failed", s->self);
-                return -1;
+                xfree(term_modes);
+                return 0;
        }
        debug("session_pty_req: session %d alloc %s", s->self, s->tty);
        /*
diff --git a/ssh-agent.c b/ssh-agent.c
index ecb44a229..66439461e 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: ssh-agent.c,v 1.27 2000/04/12 09:39:10 markus Exp $   */
+/*      $OpenBSD: ssh-agent.c,v 1.28 2000/04/14 10:30:33 markus Exp $   */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -9,7 +9,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: ssh-agent.c,v 1.27 2000/04/12 09:39:10 markus Exp $");
+RCSID("$OpenBSD: ssh-agent.c,v 1.28 2000/04/14 10:30:33 markus Exp $");
 #include "ssh.h"
 #include "rsa.h"
@@ -412,7 +412,7 @@ prepare_select(fd_set *readset, fd_set *writeset)
                }
 }
-void 
+void
 after_select(fd_set *readset, fd_set *writeset)
 {
        unsigned int i;
@@ -646,8 +646,8 @@ main(int ac, char **av)
        }
        signal(SIGINT, SIG_IGN);
        signal(SIGPIPE, SIG_IGN);
-        signal(SIGHUP, cleanup_exit);                                          
+        signal(SIGHUP, cleanup_exit);
-        signal(SIGTERM, cleanup_exit);                                          
+        signal(SIGTERM, cleanup_exit);
        while (1) {
                FD_ZERO(&readset);
                FD_ZERO(&writeset);
diff --git a/ssh-keygen.c b/ssh-keygen.c
index 81070d2ef..f2484a4b1 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -7,7 +7,7 @@
 */
 #include "includes.h"
-RCSID("$Id: ssh-keygen.c,v 1.12 2000/03/17 12:40:17 damien Exp $");
+RCSID("$Id: ssh-keygen.c,v 1.13 2000/04/16 01:18:46 damien Exp $");
 #include "rsa.h"
 #include "ssh.h"
@@ -508,7 +508,7 @@ passphrase_again:
        if (identity_comment) {
                strlcpy(comment, identity_comment, sizeof(comment));
        } else {
-                /* Create default commend field for the passphrase. */
+                /* Create default commend field for the passphrase. */
                if (gethostname(hostname, sizeof(hostname)) < 0) {
                        perror("gethostname");
                        exit(1);
diff --git a/ssh.1 b/ssh.1
index 548339e6b..1d1a76cf7 100644
--- a/ssh.1
+++ b/ssh.1
@@ -9,7 +9,7 @@
 .\"
 .\" Created: Sat Apr 22 21:55:14 1995 ylo
 .\"
-.\" $Id: ssh.1,v 1.21 2000/04/13 02:26:37 damien Exp $
+.\" $Id: ssh.1,v 1.22 2000/04/16 01:18:46 damien Exp $
 .\"
 .Dd September 25, 1999
 .Dt SSH 1
@@ -24,7 +24,7 @@
 .Op Ar command
 .Pp
 .Nm ssh
-.Op Fl afgknqtvxCPX46
+.Op Fl afgknqtvxCPX246
 .Op Fl c Ar blowfish | 3des
 .Op Fl e Ar escape_char
 .Op Fl i Ar identity_file
@@ -455,6 +455,10 @@ from the local machine.
 Port forwardings can also be specified in the configuration file.
 Privileged ports can be forwarded only when
 logging in as root on the remote machine.
+.It Fl 2
+Forces
+.Nm
+to use protocol version 2 only.
 .It Fl 4
 Forces
 .Nm
diff --git a/ssh.c b/ssh.c
index f23694247..456570fc4 100644
--- a/ssh.c
+++ b/ssh.c
@@ -11,7 +11,7 @@
 */
 #include "includes.h"
-RCSID("$Id: ssh.c,v 1.25 2000/04/12 10:17:40 damien Exp $");
+RCSID("$Id: ssh.c,v 1.26 2000/04/16 01:18:46 damien Exp $");
 #include "xmalloc.h"
 #include "ssh.h"
@@ -138,6 +138,7 @@ usage()
        fprintf(stderr, "  -g          Allow remote hosts to connect to forwarded ports.\n");
        fprintf(stderr, "  -4          Use IPv4 only.\n");
        fprintf(stderr, "  -6          Use IPv6 only.\n");
+        fprintf(stderr, "  -2          Force protocol version 2.\n");
        fprintf(stderr, "  -o 'option' Process the option as if it was read from a configuration file.\n");
        exit(1);
 }
@@ -251,8 +252,8 @@ main(int ac, char **av)
                        if (host)
                                break;
                        if ((cp = strchr(av[optind], '@'))) {
-                                if(cp == av[optind])
+                                if(cp == av[optind])
-                                        usage();
+                                        usage();
                                options.user = av[optind];
                                *cp = '\0';
                                host = ++cp;
@@ -276,39 +277,34 @@ main(int ac, char **av)
                        optarg = NULL;
                }
                switch (opt) {
+                case '2':
+                        options.protocol = SSH_PROTO_2;
+                        break;
                case '4':
                        IPv4or6 = AF_INET;
                        break;
                case '6':
                        IPv4or6 = AF_INET6;
                        break;
                case 'n':
                        stdin_null_flag = 1;
                        break;
                case 'f':
                        fork_after_authentication_flag = 1;
                        stdin_null_flag = 1;
                        break;
                case 'x':
                        options.forward_x11 = 0;
                        break;
                case 'X':
                        options.forward_x11 = 1;
                        break;
                case 'g':
                        options.gateway_ports = 1;
                        break;
                case 'P':
                        options.use_privileged_port = 0;
                        break;
                case 'a':
                        options.forward_agent = 0;
                        break;
@@ -330,11 +326,9 @@ main(int ac, char **av)
                        options.identity_files[options.num_identity_files++] =
                                xstrdup(optarg);
                        break;
                case 't':
                        tty_flag = 1;
                        break;
                case 'v':
                case 'V':
                        fprintf(stderr, "SSH Version %s, protocol versions %d.%d/%d.%d.\n",
@@ -347,11 +341,9 @@ main(int ac, char **av)
                        debug_flag = 1;
                        options.log_level = SYSLOG_LEVEL_DEBUG;
                        break;
                case 'q':
                        options.log_level = SYSLOG_LEVEL_QUIET;
                        break;
                case 'e':
                        if (optarg[0] == '^' && optarg[2] == 0 &&
                            (unsigned char) optarg[1] >= 64 && (unsigned char) optarg[1] < 128)
@@ -365,7 +357,6 @@ main(int ac, char **av)
                                exit(1);
                        }
                        break;
                case 'c':
                        options.cipher = cipher_number(optarg);
                        if (options.cipher == -1) {
@@ -373,15 +364,12 @@ main(int ac, char **av)
                                exit(1);
                        }
                        break;
                case 'p':
                        options.port = atoi(optarg);
                        break;
                case 'l':
                        options.user = optarg;
                        break;
                case 'R':
                        if (sscanf(optarg, "%hu/%255[^/]/%hu", &fwd_port, buf,
                            &fwd_host_port) != 3 &&
@@ -393,7 +381,6 @@ main(int ac, char **av)
                        }
                        add_remote_forward(&options, fwd_port, buf, fwd_host_port);
                        break;
                case 'L':
                        if (sscanf(optarg, "%hu/%255[^/]/%hu", &fwd_port, buf,
                            &fwd_host_port) != 3 &&
@@ -405,27 +392,22 @@ main(int ac, char **av)
                        }
                        add_local_forward(&options, fwd_port, buf, fwd_host_port);
                        break;
                case 'C':
                        options.compression = 1;
                        break;
                case 'N':
                        no_shell_flag = 1;
                        no_tty_flag = 1;
                        break;
                case 'T':
                        no_tty_flag = 1;
                        break;
                case 'o':
                        dummy = 1;
                        if (process_config_line(&options, host ? host : "", optarg,
                                         "command-line", 0, &dummy) != 0)
                                exit(1);
                        break;
                default:
                        usage();
                }
@@ -634,7 +616,7 @@ main(int ac, char **av)
        /* Expand ~ in known host file names. */
        options.system_hostfile = tilde_expand_filename(options.system_hostfile,
-                                                        original_real_uid);
+                                                        original_real_uid);
        options.user_hostfile = tilde_expand_filename(options.user_hostfile,
                                                      original_real_uid);
@@ -803,7 +785,7 @@ ssh_session(void)
                      options.local_forwards[i].host,
                      options.local_forwards[i].host_port);
                channel_request_local_forwarding(options.local_forwards[i].port,
-                                                 options.local_forwards[i].host,
+                                                 options.local_forwards[i].host,
                                                 options.local_forwards[i].host_port,
                                                 options.gateway_ports);
        }
@@ -816,11 +798,11 @@ ssh_session(void)
                      options.remote_forwards[i].host_port);
                channel_request_remote_forwarding(options.remote_forwards[i].port,
                                                  options.remote_forwards[i].host,
-                                                  options.remote_forwards[i].host_port);
+                                                  options.remote_forwards[i].host_port);
        }
        /* If requested, let ssh continue in the background. */
-        if (fork_after_authentication_flag) 
+        if (fork_after_authentication_flag)
                if (daemon(1, 1) < 0)
                        fatal("daemon() failed: %.200s", strerror(errno));
@@ -859,7 +841,7 @@ init_local_fwd(void)
                      options.local_forwards[i].host,
                      options.local_forwards[i].host_port);
                channel_request_local_forwarding(options.local_forwards[i].port,
-                                                 options.local_forwards[i].host,
+                                                 options.local_forwards[i].host,
                                                 options.local_forwards[i].host_port,
                                                 options.gateway_ports);
        }
diff --git a/ssh.h b/ssh.h
index ea2dc032c..57fcf57b9 100644
--- a/ssh.h
+++ b/ssh.h
@@ -1,19 +1,19 @@
 /*
- * 
+ *
 * ssh.h
- * 
+ *
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
- * 
+ *
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 *                    All rights reserved
- * 
+ *
 * Created: Fri Mar 17 17:09:37 1995 ylo
- * 
+ *
 * Generic header file for ssh.
- * 
+ *
 */
-/* RCSID("$Id: ssh.h,v 1.31 2000/04/12 10:17:41 damien Exp $"); */
+/* RCSID("$Id: ssh.h,v 1.32 2000/04/16 01:18:47 damien Exp $"); */
 #ifndef SSH_H
 #define SSH_H
@@ -279,7 +279,7 @@
 * information is not available.  This must be called before record_login.
 * The host from which the user logged in is stored in buf.
 */
-unsigned long 
+unsigned long
 get_last_login_time(uid_t uid, const char *logname,
    char *buf, unsigned int bufsize);
@@ -287,7 +287,7 @@ get_last_login_time(uid_t uid, const char *logname,
 * Records that the user has logged in.  This does many things normally done
 * by login(1).
 */
-void 
+void
 record_login(int pid, const char *ttyname, const char *user, uid_t uid,
    const char *host, struct sockaddr *addr);
@@ -308,7 +308,7 @@ void    record_logout(int pid, const char *ttyname);
 * and zero on failure.  If the connection is successful, this calls
 * packet_set_connection for the connection.
 */
-int 
+int
 ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
    u_short port, int connection_attempts,
    int anonymous, uid_t original_real_uid,
@@ -323,7 +323,7 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
 * references from the packet module).
 */
-void 
+void
 ssh_login(int host_key_valid, RSA * host_key, const char *host,
    struct sockaddr * hostaddr, uid_t original_real_uid);
@@ -340,7 +340,7 @@ int     auth_rhosts(struct passwd * pw, const char *client_user);
 * Tries to authenticate the user using the .rhosts file and the host using
 * its host key.  Returns true if authentication succeeds.
 */
-int 
+int
 auth_rhosts_rsa(struct passwd * pw, const char *client_user, RSA* client_host_key);
 /*
@@ -409,7 +409,7 @@ char   *read_passphrase(const char *prompt, int from_stdin);
 * precede the key to provide identification of the key without needing a
 * passphrase.
 */
-int 
+int
 save_private_key(const char *filename, const char *passphrase,
    RSA * private_key, const char *comment);
@@ -419,7 +419,7 @@ save_private_key(const char *filename, const char *passphrase,
 * comment of the key is returned in comment_return if it is non-NULL; the
 * caller must free the value with xfree.
 */
-int 
+int
 load_public_key(const char *filename, RSA * pub,
    char **comment_return);
@@ -430,7 +430,7 @@ load_public_key(const char *filename, RSA * pub,
 * comment_return if it is non-NULL; the caller must free the value with
 * xfree.
 */
-int 
+int
 load_private_key(const char *filename, const char *passphrase,
    RSA * private_key, char **comment_return);
diff --git a/ssh2.h b/ssh2.h
index cc659f847..cf684bacf 100644
--- a/ssh2.h
+++ b/ssh2.h
@@ -1,31 +1,31 @@
 /*
- * draft-ietf-secsh-architecture-04.txt 
+ * draft-ietf-secsh-architecture-04.txt
 *
 *   Transport layer protocol:
- * 
+ *
 *     1-19     Transport layer generic (e.g. disconnect, ignore, debug,
 *              etc)
 *     20-29    Algorithm negotiation
 *     30-49    Key exchange method specific (numbers can be reused for
 *              different authentication methods)
- * 
+ *
 *   User authentication protocol:
- * 
+ *
 *     50-59    User authentication generic
 *     60-79    User authentication method specific (numbers can be reused
 *              for different authentication methods)
- * 
+ *
 *   Connection protocol:
- * 
+ *
 *     80-89    Connection protocol generic
 *     90-127   Channel related messages
- * 
+ *
 *   Reserved for client protocols:
- * 
+ *
 *     128-191  Reserved
- * 
+ *
 *   Local extensions:
- * 
+ *
 *     192-255  Local extensions
 */
diff --git a/sshconnect.c b/sshconnect.c
index 675de6102..bca0bf43a 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -10,7 +10,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect.c,v 1.66 2000/04/12 09:39:10 markus Exp $");
+RCSID("$OpenBSD: sshconnect.c,v 1.68 2000/04/14 10:30:33 markus Exp $");
 #ifdef HAVE_OPENSSL
 #include <openssl/bn.h>
@@ -250,7 +250,7 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
                        debug("Trying again...");
                /* Loop through addresses for this host, and try each one in
-                   sequence until the connection succeeds. */
+                   sequence until the connection succeeds. */
                for (ai = aitop; ai; ai = ai->ai_next) {
                        if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
                                continue;
@@ -264,7 +264,7 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
                                host, ntop, strport);
                        /* Create a socket for connecting. */
-                        sock = ssh_create_socket(original_real_uid, 
+                        sock = ssh_create_socket(original_real_uid,
                            !anonymous && geteuid() == 0 && port < IPPORT_RESERVED,
                            ai->ai_family);
                        if (sock < 0)
@@ -1059,7 +1059,7 @@ ssh_exchange_identification()
                        break;
                }
                /* FALLTHROUGH */
-        default: 
+        default:
                mismatch = 1;
                break;
        }
@@ -1363,13 +1363,13 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
        debug("Sending KEX init.");
        if (options.ciphers != NULL) {
-                myproposal[PROPOSAL_ENC_ALGS_CTOS] = 
+                myproposal[PROPOSAL_ENC_ALGS_CTOS] =
                myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers;
        } else if (
            options.cipher == SSH_CIPHER_ARCFOUR ||
-            options.cipher == SSH_CIPHER_3DES_CBC ||
+            options.cipher == SSH_CIPHER_3DES_CBC ||
-            options.cipher == SSH_CIPHER_CAST128_CBC ||
+            options.cipher == SSH_CIPHER_CAST128_CBC ||
-            options.cipher == SSH_CIPHER_BLOWFISH_CBC) {
+            options.cipher == SSH_CIPHER_BLOWFISH_CBC) {
                myproposal[PROPOSAL_ENC_ALGS_CTOS] =
                myproposal[PROPOSAL_ENC_ALGS_STOC] = cipher_name(options.cipher);
        }
@@ -1411,6 +1411,7 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
        debug("first kex follow == %d", i);
        i = packet_get_int();
        debug("reserved == %d", i);
+        packet_done();
        debug("done read kexinit");
        kex = kex_choose_conf(cprop, sprop, 0);
@@ -1434,7 +1435,7 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
        fprintf(stderr, "\npub= ");
        bignum_print(dh->pub_key);
        fprintf(stderr, "\n");
-        DHparams_print_fp(stderr, dh);
+        DHparams_print_fp(stderr, dh);
 #endif
        debug("Wait SSH2_MSG_KEXDH_REPLY.");
@@ -1466,6 +1467,7 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
        /* signed H */
        signature = packet_get_string(&slen);
+        packet_done();
        if (!dh_pub_is_valid(dh, dh_server_pub))
                packet_disconnect("bad server public DH value");
@@ -1475,14 +1477,14 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
        kout = DH_compute_key(kbuf, dh_server_pub, dh);
 #ifdef DEBUG_KEXDH
        debug("shared secret: len %d/%d", klen, kout);
-        fprintf(stderr, "shared secret == ");
+        fprintf(stderr, "shared secret == ");
-        for (i = 0; i< kout; i++)
+        for (i = 0; i< kout; i++)
-                fprintf(stderr, "%02x", (kbuf[i])&0xff);
+                fprintf(stderr, "%02x", (kbuf[i])&0xff);
-        fprintf(stderr, "\n");
+        fprintf(stderr, "\n");
 #endif
-        shared_secret = BN_new();
+        shared_secret = BN_new();
-        BN_bin2bn(kbuf, kout, shared_secret);
+        BN_bin2bn(kbuf, kout, shared_secret);
        memset(kbuf, 0, klen);
        xfree(kbuf);
@@ -1502,10 +1504,10 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
        xfree(client_kexinit);
        xfree(server_kexinit);
 #ifdef DEBUG_KEXDH
-        fprintf(stderr, "hash == ");
+        fprintf(stderr, "hash == ");
-        for (i = 0; i< 20; i++)
+        for (i = 0; i< 20; i++)
-                fprintf(stderr, "%02x", (hash[i])&0xff);
+                fprintf(stderr, "%02x", (hash[i])&0xff);
-        fprintf(stderr, "\n");
+        fprintf(stderr, "\n");
 #endif
        dsa_verify(server_host_key, (unsigned char *)signature, slen, hash, 20);
        key_free(server_host_key);
@@ -1518,6 +1520,7 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
        debug("Wait SSH2_MSG_NEWKEYS.");
        packet_read_expect(&payload_len, SSH2_MSG_NEWKEYS);
+        packet_done();
        debug("GOT SSH2_MSG_NEWKEYS.");
        debug("send SSH2_MSG_NEWKEYS.");
@@ -1551,7 +1554,7 @@ ssh_userauth2(int host_key_valid, RSA *own_host_key,
        char *server_user, *local_user;
        char *auths;
        char *password;
-        char *service = "ssh-connection";               // service name
+        char *service = "ssh-connection";               /* service name */
        debug("send SSH2_MSG_SERVICE_REQUEST");
        packet_start(SSH2_MSG_SERVICE_REQUEST);
@@ -1563,8 +1566,15 @@ ssh_userauth2(int host_key_valid, RSA *own_host_key,
        if (type != SSH2_MSG_SERVICE_ACCEPT) {
                fatal("denied SSH2_MSG_SERVICE_ACCEPT: %d", type);
        }
-        /* payload empty for ssh-2.0.13 ?? */
+        if (packet_remaining() > 0) {
-        /* reply = packet_get_string(&payload_len); */
+                char *reply = packet_get_string(&plen);
+                debug("service_accept: %s", reply);
+                xfree(reply);
+        } else {
+                /* payload empty for ssh-2.0.13 ?? */
+                log("buggy server: service_accept w/o service");
+        }
+        packet_done();
        debug("got SSH2_MSG_SERVICE_ACCEPT");
        /*XX COMMONCODE: */
@@ -1593,6 +1603,7 @@ ssh_userauth2(int host_key_valid, RSA *own_host_key,
                auths = packet_get_string(&dlen);
                debug("authentications that can continue: %s", auths);
                partial = packet_get_char();
+                packet_done();
                if (partial)
                        debug("partial success");
                if (strstr(auths, "password") == NULL)
@@ -1613,6 +1624,7 @@ ssh_userauth2(int host_key_valid, RSA *own_host_key,
                packet_send();
                packet_write_wait();
        }
+        packet_done();
        debug("ssh-userauth2 successfull");
 }
diff --git a/sshd.c b/sshd.c
index cd5760ecb..cc6bee96a 100644
--- a/sshd.c
+++ b/sshd.c
@@ -14,7 +14,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.104 2000/04/12 09:39:10 markus Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.105 2000/04/14 10:30:33 markus Exp $");
 #include "xmalloc.h"
 #include "rsa.h"
@@ -67,7 +67,7 @@ ServerOptions options;
 /* Name of the server configuration file. */
 char *config_file_name = SERVER_CONFIG_FILE;
-/* 
+/*
 * Flag indicating whether IPv4 or IPv6.  This can be set on the command line.
 * Default value is AF_UNSPEC means both IPv4 and IPv6.
 */
@@ -162,7 +162,7 @@ close_listen_socks(void)
 * the effect is to reread the configuration file (and to regenerate
 * the server key).
 */
-void 
+void
 sighup_handler(int sig)
 {
        received_sighup = 1;
@@ -173,7 +173,7 @@ sighup_handler(int sig)
 * Called from the main program after receiving SIGHUP.
 * Restarts the server.
 */
-void 
+void
 sighup_restart()
 {
        log("Received SIGHUP; restarting.");
@@ -188,7 +188,7 @@ sighup_restart()
 * These close the listen socket; not closing it seems to cause "Address
 * already in use" problems on some machines, which is inconvenient.
 */
-void 
+void
 sigterm_handler(int sig)
 {
        log("Received signal %d; terminating.", sig);
@@ -200,7 +200,7 @@ sigterm_handler(int sig)
 * SIGCHLD handler.  This is called whenever a child dies.  This will then
 * reap any zombies left by exited c.
 */
-void 
+void
 main_sigchld_handler(int sig)
 {
        int save_errno = errno;
@@ -216,7 +216,7 @@ main_sigchld_handler(int sig)
 /*
 * Signal handler for the alarm after the login grace period has expired.
 */
-void 
+void
 grace_alarm_handler(int sig)
 {
        /* Close the connection. */
@@ -233,7 +233,7 @@ grace_alarm_handler(int sig)
 * Thus there should be no concurrency control/asynchronous execution
 * problems.
 */
-void 
+void
 key_regeneration_alarm(int sig)
 {
        int save_errno = errno;
@@ -266,15 +266,15 @@ key_regeneration_alarm(int sig)
 char *
 chop(char *s)
 {
-        char *t = s;
+        char *t = s;
-        while (*t) {
+        while (*t) {
-                if(*t == '\n' || *t == '\r') {
+                if(*t == '\n' || *t == '\r') {
-                        *t = '\0';
+                        *t = '\0';
-                        return s;
+                        return s;
-                }
+                }
-                t++;
+                t++;
-        }
+        }
-        return s;
+        return s;
 }
@@ -337,7 +337,7 @@ sshd_exchange_identification(int sock_in, int sock_out)
         */
        if (sscanf(client_version_string, "SSH-%d.%d-%[^\n]\n",
            &remote_major, &remote_minor, remote_version) != 3) {
-                s = "Protocol mismatch.\n";
+                s = "Protocol mismatch.\n";
                (void) atomicio(write, sock_out, s, strlen(s));
                close(sock_in);
                close(sock_out);
@@ -377,7 +377,7 @@ sshd_exchange_identification(int sock_in, int sock_out)
                        break;
                }
                /* FALLTHROUGH */
-        default: 
+        default:
                mismatch = 1;
                break;
        }
@@ -719,8 +719,8 @@ main(int ac, char **av)
                for (i = 0; i < num_listen_socks; i++)
                        if (listen_socks[i] > maxfd)
                                maxfd = listen_socks[i];
-                fdsetsz = howmany(maxfd, NFDBITS) * sizeof(fd_mask);         
+                fdsetsz = howmany(maxfd, NFDBITS) * sizeof(fd_mask);
-                fdset = (fd_set *)xmalloc(fdsetsz);                                  
+                fdset = (fd_set *)xmalloc(fdsetsz);
                /*
                 * Stay listening for connections until the system crashes or
@@ -1018,7 +1018,7 @@ do_ssh1_kex()
        /* Get cipher type and check whether we accept this. */
        cipher_type = packet_get_char();
-        if (!(cipher_mask() & (1 << cipher_type)))
+        if (!(cipher_mask() & (1 << cipher_type)))
                packet_disconnect("Warning: client selects unsupported cipher.");
        /* Get check bytes from the packet.  These must match those we
@@ -1145,7 +1145,7 @@ do_ssh2_kex()
 /* KEXINIT */
        if (options.ciphers != NULL) {
-                myproposal[PROPOSAL_ENC_ALGS_CTOS] = 
+                myproposal[PROPOSAL_ENC_ALGS_CTOS] =
                myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers;
        }
@@ -1258,10 +1258,10 @@ do_ssh2_kex()
        xfree(client_kexinit);
        xfree(server_kexinit);
 #ifdef DEBUG_KEXDH
-        fprintf(stderr, "hash == ");
+        fprintf(stderr, "hash == ");
-        for (i = 0; i< 20; i++)
+        for (i = 0; i< 20; i++)
-                fprintf(stderr, "%02x", (hash[i])&0xff);
+                fprintf(stderr, "%02x", (hash[i])&0xff);
-        fprintf(stderr, "\n");
+        fprintf(stderr, "\n");
 #endif
        /* sign H */
        dsa_sign(server_host_key, &signature, &slen, hash, 20);
diff --git a/ttymodes.c b/ttymodes.c
index fffc6d5bf..647c66035 100644
--- a/ttymodes.c
+++ b/ttymodes.c
@@ -10,7 +10,7 @@
 */
 #include "includes.h"
-RCSID("$Id: ttymodes.c,v 1.3 1999/11/25 00:54:59 damien Exp $");
+RCSID("$Id: ttymodes.c,v 1.4 2000/04/16 01:18:49 damien Exp $");
 #include "packet.h"
 #include "ssh.h"
@@ -23,7 +23,7 @@ RCSID("$Id: ttymodes.c,v 1.3 1999/11/25 00:54:59 damien Exp $");
 * Converts POSIX speed_t to a baud rate.  The values of the
 * constants for speed_t are not themselves portable.
 */
-static int 
+static int
 speed_to_baud(speed_t speed)
 {
        switch (speed) {
@@ -112,7 +112,7 @@ speed_to_baud(speed_t speed)
 /*
 * Converts a numeric baud rate to a POSIX speed_t.
 */
-static speed_t 
+static speed_t
 baud_to_speed(int baud)
 {
        switch (baud) {
@@ -203,7 +203,7 @@ baud_to_speed(int baud)
 * in a portable manner, and appends the modes to a packet
 * being constructed.
 */
-void 
+void
 tty_make_modes(int fd)
 {
        struct termios tio;
@@ -247,7 +247,7 @@ tty_make_modes(int fd)
 * Decodes terminal modes for the terminal referenced by fd in a portable
 * manner from a packet being read.
 */
-void 
+void
 tty_parse_modes(int fd, int *n_bytes_ptr)
 {
        struct termios tio;
diff --git a/ttymodes.h b/ttymodes.h
index 79726aa47..41aad79d6 100644
--- a/ttymodes.h
+++ b/ttymodes.h
@@ -1,18 +1,18 @@
 /*
- * 
+ *
 * ttymodes.h
- * 
+ *
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 *      SGTTY stuff contributed by Janne Snabb <snabb@niksula.hut.fi>
- * 
+ *
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 *                    All rights reserved
- * 
+ *
 * Created: Tue Mar 21 15:42:09 1995 ylo
- * 
+ *
 */
-/* RCSID("$Id: ttymodes.h,v 1.3 1999/11/25 00:54:59 damien Exp $"); */
+/* RCSID("$Id: ttymodes.h,v 1.4 2000/04/16 01:18:49 damien Exp $"); */
 /* The tty mode description is a stream of bytes.  The stream consists of
 * opcode-arguments pairs.  It is terminated by opcode TTY_OP_END (0).
diff --git a/uidswap.c b/uidswap.c
index ca9e28eb7..e57be3a3d 100644
--- a/uidswap.c
+++ b/uidswap.c
@@ -7,7 +7,7 @@
 */
 #include "includes.h"
-RCSID("$Id: uidswap.c,v 1.4 2000/01/20 13:18:16 damien Exp $");
+RCSID("$Id: uidswap.c,v 1.5 2000/04/16 01:18:49 damien Exp $");
 #include "ssh.h"
 #include "uidswap.h"
@@ -35,7 +35,7 @@ static uid_t saved_euid = 0;
 * Temporarily changes to the given uid.  If the effective user
 * id is not root, this does nothing.  This call cannot be nested.
 */
-void 
+void
 temporarily_use_uid(uid_t uid)
 {
 #ifdef SAVED_IDS_WORK_WITH_SETEUID
@@ -59,7 +59,7 @@ temporarily_use_uid(uid_t uid)
 /*
 * Restores to the original uid.
 */
-void 
+void
 restore_uid()
 {
 #ifdef SAVED_IDS_WORK_WITH_SETEUID
@@ -80,7 +80,7 @@ restore_uid()
 * Permanently sets all uids to the given uid.  This cannot be
 * called while temporarily_use_uid is effective.
 */
-void 
+void
 permanently_set_uid(uid_t uid)
 {
        if (setuid(uid) < 0)
diff --git a/uidswap.h b/uidswap.h
index 4755710de..c08a37004 100644
--- a/uidswap.h
+++ b/uidswap.h
@@ -1,15 +1,15 @@
 /*
- * 
+ *
 * uidswap.h
- * 
+ *
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
- * 
+ *
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 *                    All rights reserved
- * 
+ *
 * Created: Sat Sep  9 01:43:15 1995 ylo
 * Last modified: Sat Sep  9 02:34:04 1995 ylo
- * 
+ *
 */
 #ifndef UIDSWAP_H
diff --git a/xmalloc.c b/xmalloc.c
index 0f1c43051..fb29a62e9 100644
--- a/xmalloc.c
+++ b/xmalloc.c
@@ -8,7 +8,7 @@
 */
 #include "includes.h"
-RCSID("$Id: xmalloc.c,v 1.2 1999/11/24 13:26:23 damien Exp $");
+RCSID("$Id: xmalloc.c,v 1.3 2000/04/16 01:18:49 damien Exp $");
 #include "ssh.h"
@@ -34,7 +34,7 @@ xrealloc(void *ptr, size_t new_size)
        return new_ptr;
 }
-void 
+void
 xfree(void *ptr)
 {
        if (ptr == NULL)
diff --git a/xmalloc.h b/xmalloc.h
index 94280b118..a5603522d 100644
--- a/xmalloc.h
+++ b/xmalloc.h
@@ -1,20 +1,20 @@
 /*
- * 
+ *
 * xmalloc.h
- * 
+ *
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
- * 
+ *
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 *                    All rights reserved
- * 
+ *
 * Created: Mon Mar 20 22:09:17 1995 ylo
- * 
+ *
 * Versions of malloc and friends that check their results, and never return
 * failure (they call fatal if they encounter an error).
- * 
+ *
 */
-/* RCSID("$Id: xmalloc.h,v 1.2 1999/11/24 13:26:23 damien Exp $"); */
+/* RCSID("$Id: xmalloc.h,v 1.3 2000/04/16 01:18:49 damien Exp $"); */
 #ifndef XMALLOC_H
 #define XMALLOC_H
author	Damien Miller <djm@mindrot.org>	2000-04-16 11:18:38 +1000
committer	Damien Miller <djm@mindrot.org>	2000-04-16 11:18:38 +1000
commit	4af51306d9a51459a5bef922df1037f876ae51fe (patch)
tree	09ecfc215fce82345a3259f8a0f384b9a67906f0
parent	5d1705ecf9bd3216dc99a84242bcdf2e7297d307 (diff)