Makefile.in

@@ -433,15 +433,21 @@ uninstall:
 	-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1
 
 regress-prep:
-	[ -d `pwd`/regress ]  ||  mkdir -p `pwd`/regress
-	[ -d `pwd`/regress/unittests ]  ||  mkdir -p `pwd`/regress/unittests
-	[ -d `pwd`/regress/unittests/test_helper ]  || \
+	[ -d `pwd`/regress ] || mkdir -p `pwd`/regress
+	[ -d `pwd`/regress/unittests ] || mkdir -p `pwd`/regress/unittests
+	[ -d `pwd`/regress/unittests/test_helper ] || \
 		mkdir -p `pwd`/regress/unittests/test_helper
-	[ -d `pwd`/regress/unittests/sshbuf ]  || \
+	[ -d `pwd`/regress/unittests/sshbuf ] || \
 		mkdir -p `pwd`/regress/unittests/sshbuf
-	[ -d `pwd`/regress/unittests/sshkey ]  || \
+	[ -d `pwd`/regress/unittests/sshkey ] || \
 		mkdir -p `pwd`/regress/unittests/sshkey
-	[ -f `pwd`/regress/Makefile ]  || \
+	[ -d `pwd`/regress/unittests/bitmap ] || \
+		mkdir -p `pwd`/regress/unittests/bitmap
+	[ -d `pwd`/regress/unittests/hostkeys ] || \
+		mkdir -p `pwd`/regress/unittests/hostkeys
+	[ -d `pwd`/regress/unittests/kex ] || \
+		mkdir -p `pwd`/regress/unittests/kex
+	[ -f `pwd`/regress/Makefile ] || \
 	    ln -s `cd $(srcdir) && pwd`/regress/Makefile `pwd`/regress/Makefile
 
 regress/modpipe$(EXEEXT): $(srcdir)/regress/modpipe.c

OVERVIEW

@@ -65,8 +65,8 @@ these programs.
       packets.  CRC code comes from crc32.c.
 
     - The code in packet.c calls the buffer manipulation routines
-      (buffer.c, bufaux.c), compression routines (compress.c, zlib),
-      and the encryption routines.
+      (buffer.c, bufaux.c), compression routines (zlib), and the
+      encryption routines.
 
   X11, TCP/IP, and Agent forwarding
 
@@ -165,4 +165,4 @@ these programs.
 	uidswap.c    uid-swapping
 	xmalloc.c    "safe" malloc routines
 
-$OpenBSD: OVERVIEW,v 1.11 2006/08/03 03:34:41 deraadt Exp $
+$OpenBSD: OVERVIEW,v 1.12 2015/07/08 19:01:15 markus Exp $

PROTOCOL

@@ -175,7 +175,7 @@ whitelisted to receive this message upon request.
 
 OpenSSH supports layer 2 and layer 3 tunnelling via the "tun@openssh.com"
 channel type. This channel type supports forwarding of network packets
-with datagram boundaries intact between endpoints equipped with 
+with datagram boundaries intact between endpoints equipped with
 interfaces like the BSD tun(4) device. Tunnel forwarding channels are
 requested by the client with the following packet:
 
@@ -247,7 +247,6 @@ to request that the server make a connection to a Unix domain socket.
 	uint32		initial window size
 	uint32		maximum packet size
 	string		socket path
-	string		reserved for future use
 
 Similar to forwarded-tcpip, forwarded-streamlocal is sent by the
 server when the client has previously send the server a streamlocal-forward
@@ -282,15 +281,15 @@ by the client cancel the forwarding of a Unix domain socket.
 	boolean		FALSE
 	string		socket path
 
-2.5. connection: hostkey update and rotation "hostkeys@openssh.com"
-and "hostkeys-prove@openssh.com"
+2.5. connection: hostkey update and rotation "hostkeys-00@openssh.com"
+and "hostkeys-prove-00@openssh.com"
 
 OpenSSH supports a protocol extension allowing a server to inform
 a client of all its protocol v.2 host keys after user-authentication
 has completed.
 
 	byte		SSH_MSG_GLOBAL_REQUEST
-	string		"hostkeys@openssh.com"
+	string		"hostkeys-00@openssh.com"
 	string[]	hostkeys
 
 Upon receiving this message, a client should check which of the
@@ -300,15 +299,15 @@ to request the server prove ownership of the private half of the
 key.
 
 	byte		SSH_MSG_GLOBAL_REQUEST
-	string		"hostkeys-prove@openssh.com"
+	string		"hostkeys-prove-00@openssh.com"
 	char		1 /* want-reply */
 	string[]	hostkeys
 
 When a server receives this message, it should generate a signature
 using each requested key over the following:
 
+	string		"hostkeys-prove-00@openssh.com"
 	string		session identifier
-	string		"hostkeys-prove@openssh.com"
 	string		hostkey
 
 These signatures should be included in the reply, in the order matching
@@ -453,4 +452,4 @@ respond with a SSH_FXP_STATUS message.
 This extension is advertised in the SSH_FXP_VERSION hello with version
 "1".
 
-$OpenBSD: PROTOCOL,v 1.26 2015/02/16 22:13:32 djm Exp $
+$OpenBSD: PROTOCOL,v 1.29 2015/07/17 03:09:19 djm Exp $

PROTOCOL.agent

@@ -413,7 +413,7 @@ It may be requested using this message:
 
 "rsa_e" and "rsa_n" are used to identify which private key to use.
 "encrypted_challenge" is a challenge blob that has (presumably)
-been encrypted with the public key and must be in the range 
+been encrypted with the public key and must be in the range
 1 <= encrypted_challenge < 2^256. "session_id" is the SSH protocol 1
 session ID (computed from the server host key, the server semi-ephemeral
 key and the session cookie).
@@ -557,4 +557,4 @@ Locking and unlocking affects both protocol 1 and protocol 2 keys.
 	SSH_AGENT_CONSTRAIN_LIFETIME			1
 	SSH_AGENT_CONSTRAIN_CONFIRM			2
 
-$OpenBSD: PROTOCOL.agent,v 1.7 2013/01/02 00:33:49 djm Exp $
+$OpenBSD: PROTOCOL.agent,v 1.8 2015/05/08 03:56:51 djm Exp $

PROTOCOL.mux

@@ -116,6 +116,12 @@ A client may request the master to establish a port forward:
 
 forwarding type may be MUX_FWD_LOCAL, MUX_FWD_REMOTE, MUX_FWD_DYNAMIC.
 
+If listen port is (unsigned int) -2, then the listen host is treated as
+a unix socket path name.
+
+If connect port is (unsigned int) -2, then the connect host is treated
+as a unix socket path name.
+
 A server may reply with a MUX_S_OK, a MUX_S_REMOTE_PORT, a
 MUX_S_PERMISSION_DENIED or a MUX_S_FAILURE.
 
@@ -219,4 +225,4 @@ XXX inject packet (what about replies)
 XXX server->client error/warning notifications
 XXX send signals via mux
 
-$OpenBSD: PROTOCOL.mux,v 1.9 2012/06/01 00:49:35 djm Exp $
+$OpenBSD: PROTOCOL.mux,v 1.10 2015/07/17 03:04:27 djm Exp $

README

@@ -1,4 +1,4 @@
-See http://www.openssh.com/txt/release-6.7 for the release notes.
+See http://www.openssh.com/txt/release-6.9 for the release notes.
 
 - A Japanese translation of this document and of the OpenSSH FAQ is
 - available at http://www.unixuser.org/~haruyama/security/openssh/index.html

addrmatch.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: addrmatch.c,v 1.9 2014/01/19 11:21:51 dtucker Exp $ */
+/*	$OpenBSD: addrmatch.c,v 1.10 2015/07/08 19:04:21 markus Exp $ */
 
 /*
  * Copyright (c) 2004-2008 Damien Miller <djm@mindrot.org>
@@ -31,7 +31,6 @@
 
 #include "match.h"
 #include "log.h"
-#include "xmalloc.h"
 
 struct xaddr {
 	sa_family_t	af;

auth-chall.c

@@ -30,8 +30,6 @@
 #include <stdlib.h>
 #include <stdio.h>
 
-#include <stdarg.h>
-
 #include "xmalloc.h"
 #include "key.h"
 #include "hostfile.h"

auth-options.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-options.c,v 1.65 2015/01/14 10:30:34 markus Exp $ */
+/* $OpenBSD: auth-options.c,v 1.68 2015/07/03 03:43:18 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -209,8 +209,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
 			goto next_option;
 		}
 		cp = "environment=\"";
-		if (options.permit_user_env &&
-		    strncasecmp(opts, cp, strlen(cp)) == 0) {
+		if (strncasecmp(opts, cp, strlen(cp)) == 0) {
 			char *s;
 			struct envstring *new_envstring;
 
@@ -236,13 +235,19 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
 				goto bad_option;
 			}
 			s[i] = '\0';
-			auth_debug_add("Adding to environment: %.900s", s);
-			debug("Adding to environment: %.900s", s);
 			opts++;
-			new_envstring = xcalloc(1, sizeof(struct envstring));
-			new_envstring->s = s;
-			new_envstring->next = custom_environment;
-			custom_environment = new_envstring;
+			if (options.permit_user_env) {
+				auth_debug_add("Adding to environment: "
+				    "%.900s", s);
+				debug("Adding to environment: %.900s", s);
+				new_envstring = xcalloc(1,
+				    sizeof(*new_envstring));
+				new_envstring->s = s;
+				new_envstring->next = custom_environment;
+				custom_environment = new_envstring;
+				s = NULL;
+			}
+			free(s);
 			goto next_option;
 		}
 		cp = "from=\"";
@@ -583,35 +588,21 @@ auth_cert_options(struct sshkey *k, struct passwd *pw)
 	char *cert_forced_command = NULL;
 	int cert_source_address_done = 0;
 
-	if (sshkey_cert_is_legacy(k)) {
-		/* All options are in the one field for v00 certs */
-		if (parse_option_list(k->cert->critical, pw,
-		    OPTIONS_CRITICAL|OPTIONS_EXTENSIONS, 1,
-		    &cert_no_port_forwarding_flag,
-		    &cert_no_agent_forwarding_flag,
-		    &cert_no_x11_forwarding_flag,
-		    &cert_no_pty_flag,
-		    &cert_no_user_rc,
-		    &cert_forced_command,
-		    &cert_source_address_done) == -1)
-			return -1;
-	} else {
-		/* Separate options and extensions for v01 certs */
-		if (parse_option_list(k->cert->critical, pw,
-		    OPTIONS_CRITICAL, 1, NULL, NULL, NULL, NULL, NULL,
-		    &cert_forced_command,
-		    &cert_source_address_done) == -1)
-			return -1;
-		if (parse_option_list(k->cert->extensions, pw,
-		    OPTIONS_EXTENSIONS, 1,
-		    &cert_no_port_forwarding_flag,
-		    &cert_no_agent_forwarding_flag,
-		    &cert_no_x11_forwarding_flag,
-		    &cert_no_pty_flag,
-		    &cert_no_user_rc,
-		    NULL, NULL) == -1)
-			return -1;
-	}
+	/* Separate options and extensions for v01 certs */
+	if (parse_option_list(k->cert->critical, pw,
+	    OPTIONS_CRITICAL, 1, NULL, NULL, NULL, NULL, NULL,
+	    &cert_forced_command,
+	    &cert_source_address_done) == -1)
+		return -1;
+	if (parse_option_list(k->cert->extensions, pw,
+	    OPTIONS_EXTENSIONS, 0,
+	    &cert_no_port_forwarding_flag,
+	    &cert_no_agent_forwarding_flag,
+	    &cert_no_x11_forwarding_flag,
+	    &cert_no_pty_flag,
+	    &cert_no_user_rc,
+	    NULL, NULL) == -1)
+		return -1;
 
 	no_port_forwarding_flag |= cert_no_port_forwarding_flag;
 	no_agent_forwarding_flag |= cert_no_agent_forwarding_flag;

auth-pam.c

@@ -738,7 +738,7 @@ sshpam_query(void *ctx, char **name, char **info,
 		case PAM_PROMPT_ECHO_OFF:
 			*num = 1;
 			len = plen + mlen + 1;
-			**prompts = xrealloc(**prompts, 1, len);
+			**prompts = xreallocarray(**prompts, 1, len);
 			strlcpy(**prompts + plen, msg, len - plen);
 			plen += mlen;
 			**echo_on = (type == PAM_PROMPT_ECHO_ON);
@@ -748,7 +748,7 @@ sshpam_query(void *ctx, char **name, char **info,
 		case PAM_TEXT_INFO:
 			/* accumulate messages */
 			len = plen + mlen + 2;
-			**prompts = xrealloc(**prompts, 1, len);
+			**prompts = xreallocarray(**prompts, 1, len);
 			strlcpy(**prompts + plen, msg, len - plen);
 			plen += mlen;
 			strlcat(**prompts + plen, "\n", len - plen);

auth.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.c,v 1.109 2015/01/20 23:14:00 deraadt Exp $ */
+/* $OpenBSD: auth.c,v 1.111 2015/05/01 04:17:51 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -331,13 +331,14 @@ auth_log(Authctxt *authctxt, int authenticated, int partial,
 void
 auth_maxtries_exceeded(Authctxt *authctxt)
 {
-	packet_disconnect("Too many authentication failures for "
+	error("maximum authentication attempts exceeded for "
 	    "%s%.100s from %.200s port %d %s",
 	    authctxt->valid ? "" : "invalid user ",
 	    authctxt->user,
 	    get_remote_ipaddr(),
 	    get_remote_port(),
 	    compat20 ? "ssh2" : "ssh1");
+	packet_disconnect("Too many authentication failures");
 	/* NOTREACHED */
 }
 
@@ -399,8 +400,7 @@ expand_authorized_keys(const char *filename, struct passwd *pw)
 char *
 authorized_principals_file(struct passwd *pw)
 {
-	if (options.authorized_principals_file == NULL ||
-	    strcasecmp(options.authorized_principals_file, "none") == 0)
+	if (options.authorized_principals_file == NULL)
 		return NULL;
 	return expand_authorized_keys(options.authorized_principals_file, pw);
 }

auth.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.h,v 1.82 2015/02/16 22:13:32 djm Exp $ */
+/* $OpenBSD: auth.h,v 1.84 2015/05/08 06:41:56 djm Exp $ */
 
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -56,7 +56,7 @@ struct Authctxt {
 	int		 valid;		/* user exists and is allowed to login */
 	int		 attempt;
 	int		 failures;
-	int		 server_caused_failure; 
+	int		 server_caused_failure;
 	int		 force_pwchange;
 	char		*user;		/* username sent by the client */
 	char		*service;
@@ -126,7 +126,7 @@ int	 auth_rsa_key_allowed(struct passwd *, BIGNUM *, Key **);
 
 int	 auth_rhosts_rsa_key_allowed(struct passwd *, char *, char *, Key *);
 int	 hostbased_key_allowed(struct passwd *, const char *, char *, Key *);
-int	 user_key_allowed(struct passwd *, Key *);
+int	 user_key_allowed(struct passwd *, Key *, int);
 void	 pubkey_auth_info(Authctxt *, const Key *, const char *, ...)
 	    __attribute__((__format__ (printf, 3, 4)));
 void	 auth2_record_userkey(Authctxt *, struct sshkey *);

auth2-hostbased.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-hostbased.c,v 1.24 2015/01/28 22:36:00 djm Exp $ */
+/* $OpenBSD: auth2-hostbased.c,v 1.25 2015/05/04 06:10:48 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -109,8 +109,7 @@ userauth_hostbased(Authctxt *authctxt)
 		goto done;
 	}
 	if (match_pattern_list(sshkey_ssh_name(key),
-	    options.hostbased_key_types,
-	    strlen(options.hostbased_key_types), 0) != 1) {
+	    options.hostbased_key_types, 0) != 1) {
 		logit("%s: key type %s not in HostbasedAcceptedKeyTypes",
 		    __func__, sshkey_type(key));
 		goto done;