4 files changed, 25 insertions, 10 deletions
diff --git a/ChangeLog b/ChangeLog
index 91415641f..5810944b1 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -9,6 +9,10 @@
   - stevesk@cvs.openbsd.org 2001/03/10 15:02:05
     [ttymodes.c ttymodes.h]
     remove unused sgtty macros; ok markus@
+   - deraadt@cvs.openbsd.org 2001/03/10 15:31:00
+     [compat.c compat.h sshconnect.c]
+     all known netscreen ssh versions, and older versions of OSU ssh cannot
+     handle password padding (newer OSU is fixed)
 20010310
 - OpenBSD CVS Sync
@@ -4480,4 +4484,4 @@
 - Wrote replacements for strlcpy and mkdtemp
 - Released 1.0pre1
-$Id: ChangeLog,v 1.936 2001/03/10 17:17:28 mouring Exp $
+$Id: ChangeLog,v 1.937 2001/03/10 17:22:20 mouring Exp $
diff --git a/compat.c b/compat.c
index 38fc52605..5f0d7cd0c 100644
--- a/compat.c
+++ b/compat.c
@@ -23,7 +23,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: compat.c,v 1.37 2001/03/08 21:42:31 markus Exp $");
+RCSID("$OpenBSD: compat.c,v 1.38 2001/03/10 15:31:00 deraadt Exp $");
 #ifdef HAVE_LIBPCRE
 #  include <pcreposix.h>
@@ -84,13 +84,19 @@ compat_datafellows(const char *version)
                                        SSH_OLD_SESSIONID|SSH_BUG_DEBUG|
                                        SSH_BUG_PKSERVICE|SSH_BUG_X11FWD|
                                        SSH_BUG_PKAUTH|SSH_BUG_PKOK },
-                { "^2\\.[23]\\.0",      SSH_BUG_HMAC},
+                { "^2\\.[23]\\.0",      SSH_BUG_HMAC },
                { "^2\\.[2-9]\\.",      0 },
-                { "^2\\.4$",            SSH_OLD_SESSIONID}, /* Van Dyke */
+                { "^2\\.4$",            SSH_OLD_SESSIONID },    /* Van Dyke */
-                { "^3\\.0 SecureCRT",   SSH_OLD_SESSIONID},
+                { "^3\\.0 SecureCRT",   SSH_OLD_SESSIONID },
-                { "^1\\.7 SecureFX",    SSH_OLD_SESSIONID},
+                { "^1\\.7 SecureFX",    SSH_OLD_SESSIONID },
-                { "^1\\.2\\.1[89]",     SSH_BUG_IGNOREMSG},
+                { "^1\\.2\\.1[89]",     SSH_BUG_IGNOREMSG },
-                { "^1\\.2\\.2[012]",    SSH_BUG_IGNOREMSG},
+                { "^1\\.2\\.2[012]",    SSH_BUG_IGNOREMSG },
+                { "^SSH Compatible Server",                     /* Netscreen */
+                                        SSH_BUG_PASSWORDPAD },
+                { "^OSU_0",             SSH_BUG_PASSWORDPAD },
+                { "^OSU_1\\.[0-4]",     SSH_BUG_PASSWORDPAD },
+                { "^OSU_1\\.5alpha[1-3]",
+                                        SSH_BUG_PASSWORDPAD },
                { NULL,                 0 }
        };
        /* process table, return first match */
diff --git a/compat.h b/compat.h
index 9359d4b79..a1fdbe764 100644
--- a/compat.h
+++ b/compat.h
@@ -21,7 +21,7 @@
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
-/* RCSID("$OpenBSD: compat.h,v 1.16 2001/03/08 21:42:32 markus Exp $"); */
+/* RCSID("$OpenBSD: compat.h,v 1.17 2001/03/10 15:31:00 deraadt Exp $"); */
 #ifndef COMPAT_H
 #define COMPAT_H
@@ -41,6 +41,7 @@
 #define SSH_BUG_BANNER          0x0080
 #define SSH_BUG_IGNOREMSG       0x0100
 #define SSH_BUG_PKOK            0x0200
+#define SSH_BUG_PASSWORDPAD     0x0400
 void    enable_compat13(void);
 void    enable_compat20(void);
diff --git a/sshconnect.c b/sshconnect.c
index 9962d49bd..573ae76b1 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -13,7 +13,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect.c,v 1.98 2001/03/04 17:42:28 millert Exp $");
+RCSID("$OpenBSD: sshconnect.c,v 1.99 2001/03/10 15:31:00 deraadt Exp $");
 #include <openssl/bn.h>
@@ -777,6 +777,10 @@ ssh_put_password(char *password)
        int size;
        char *padded;
+        if (datafellows & SSH_BUG_PASSWORDPAD) {
+                packet_put_string(password, strlen(password));
+                return;
+        }
        size = roundup(strlen(password) + 1, 32);
        padded = xmalloc(size);
        memset(padded, 0, size);