4 files changed, 32 insertions, 3 deletions

diff --git a/ChangeLog b/ChangeLog
index 486ed9c5c..0969811ce 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -76,6 +76,12 @@
      [misc.h poly1305.h ssh-pkcs11.c defines.h]
      revert __bounded change; it causes way more problems for portable than
      it solves; pointed out by dtucker@
+   - markus@cvs.openbsd.org 2014/05/03 17:20:34
+     [monitor.c packet.c packet.h]
+     unbreak compression, by re-init-ing the compression code in the
+     post-auth child. the new buffer code is more strict, and requires
+     buffer_init() while the old code was happy after a bzero();
+     originally from djm@
 
 20140430
  - (dtucker) [defines.h] Define __GNUC_PREREQ__ macro if we don't already
diff --git a/monitor.c b/monitor.c
index a38647d49..9391ae8d1 100644
--- a/monitor.c
+++ b/monitor.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.132 2014/04/29 18:01:49 markus Exp $ */
+/* $OpenBSD: monitor.c,v 1.133 2014/05/03 17:20:34 markus Exp $ */
 /*
  * Copyright 2002 Niels Provos <provos@citi.umich.edu>
  * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -1811,6 +1811,8 @@ monitor_apply_keystate(struct monitor *pmonitor)
         if (options.compression)
                 mm_init_compression(pmonitor->m_zlib);
 
+        packet_set_postauth();
+
         if (options.rekey_limit || options.rekey_interval)
                 packet_set_rekey_limits((u_int32_t)options.rekey_limit,
                     (time_t)options.rekey_interval);
diff --git a/packet.c b/packet.c
index c7c18f308..3dd66d7d9 100644
--- a/packet.c
+++ b/packet.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: packet.c,v 1.195 2014/04/29 18:01:49 markus Exp $ */
+/* $OpenBSD: packet.c,v 1.196 2014/05/03 17:20:34 markus Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -2059,3 +2059,23 @@ packet_restore_state(void)
                 add_recv_bytes(len);
         }
 }
+
+/* Reset after_authentication and reset compression in post-auth privsep */
+void
+packet_set_postauth(void)
+{
+        Comp *comp;
+        int mode;
+
+        debug("%s: called", __func__);
+        /* This was set in net child, but is not visible in user child */
+        active_state->after_authentication = 1;
+        active_state->rekeying = 0;
+        for (mode = 0; mode < MODE_MAX; mode++) {
+                if (active_state->newkeys[mode] == NULL)
+                        continue;
+                comp = &active_state->newkeys[mode]->comp;
+                if (comp && comp->enabled)
+                        packet_init_compression();
+        }
+}
diff --git a/packet.h b/packet.h
index 1d6082a8a..e7b5fcba9 100644
--- a/packet.h
+++ b/packet.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: packet.h,v 1.60 2014/04/28 03:09:18 djm Exp $ */
+/* $OpenBSD: packet.h,v 1.61 2014/05/03 17:20:34 markus Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -120,6 +120,7 @@ time_t	 packet_get_rekey_timeout(void);
 
 void     packet_backup_state(void);
 void     packet_restore_state(void);
+void     packet_set_postauth(void);
 
 void    *packet_get_input(void);
 void    *packet_get_output(void);