Import fmt_scaled.c rev 1.14 from OpenBSD.

Catch integer underflow in scan_scaled reported by Nicolas Iooss.
ok deraadt@ djm@

Add llabs() implementation.

sync fmt_scaled.c with OpenBSD

revision 1.13
date: 2017/03/11 23:37:23; author: djm; state: Exp; lines: +14 -1; commitid: jnFKyHkB3CEiEZ2R;
fix signed integer overflow in scan_sc

sync fmt_scaled.c with OpenBSD

revision 1.13
date: 2017/03/11 23:37:23; author: djm; state: Exp; lines: +14 -1; commitid: jnFKyHkB3CEiEZ2R;
fix signed integer overflow in scan_scaled. Found by Nicolas Iooss
using AFL against ssh_config. ok deraadt@ millert@
----------------------------
revision 1.12
date: 2013/11/29 19:00:51; author: deraadt; state: Exp; lines: +6 -5;
fairly simple unsigned char casts for ctype
ok krw
----------------------------
revision 1.11
date: 2012/11/12 14:07:20; author: halex; state: Exp; lines: +4 -2;
make scan_scaled set errno to EINVAL rather than ERANGE if it encounters
an invalid multiplier, like the man page says it should

"looks sensible" deraadt@, ok ian@
----------------------------
revision 1.10
date: 2009/06/20 15:00:04; author: martynas; state: Exp; lines: +4 -4;
use llabs instead of the home-grown version; and some comment changes
ok ian@, millert@
----------------------------

show more ...

Remove commented-out includes.

These commented-out includes have "Still needed?" comments. Since
they've been commented out for ~13 years I assert that they're not.

Add prototype for strcasestr in compat library.

Add strcasestr to compat library.

Fixes build on (at least) Solaris 10.

Move OPENSSL_NO_RIPEMD160 to compat.

Move OPENSSL_NO_RIPEMD160 to compat and add ifdefs to mac.c around the
ripemd160 MACs.

Use !=NULL instead of >0 for getdefaultproj.

getdefaultproj() returns a pointer so test it for NULL inequality
instead of >0. Fixes compiler warning and is more correct. Patch from

Use !=NULL instead of >0 for getdefaultproj.

getdefaultproj() returns a pointer so test it for NULL inequality
instead of >0. Fixes compiler warning and is more correct. Patch from
David Binderman.

show more ...

Import readpassphrase.c rev 1.26.

Author: miller@openbsd.org:
Avoid generate SIGTTOU when restoring the terminal mode. If we get
SIGTTOU it means the process is not in the foregroun

Import readpassphrase.c rev 1.26.

Author: miller@openbsd.org:
Avoid generate SIGTTOU when restoring the terminal mode. If we get
SIGTTOU it means the process is not in the foreground process group
which, in most cases, means that the shell has taken control of the tty.
Requiring the user the fg the process in this case doesn't make sense
and can result in both SIGTSTP and SIGTTOU being sent which can lead to
the process being suspended again immediately after being brought into
the foreground.

show more ...

Import readpassphrase.c rev 1.25.

Wrap <readpassphrase.h> so internal calls go direct and
readpassphrase is weak.

(DEF_WEAK is a no-op in portable.)

Move DEF_WEAK into defines.h.

As well pull in more recent changes from OpenBSD these will start to
arrive so put it where the definition is shared.

Import rev 1.24 from OpenBSD.

revision 1.24
date: 2013/11/24 23:51:29; author: deraadt; state: Exp; lines: +4 -4;
most obvious unsigned char casts for ctype
ok jca krw ingo

Import rev 1.23 from OpenBSD. Fixes bz#2619.

revision 1.23
date: 2010/05/14 13:30:34; author: millert; state: Exp; lines: +41 -39;
Defer installing signal handlers until echo is

Import rev 1.23 from OpenBSD. Fixes bz#2619.

revision 1.23
date: 2010/05/14 13:30:34; author: millert; state: Exp; lines: +41 -39;
Defer installing signal handlers until echo is disabled so that we
get suspended normally when not the foreground process. Fix potential
infinite loop when restoring terminal settings if process is in the
background when restore occurs. OK miod@

show more ...

If we don't have TCSASOFT, define it to zero.

This makes it a no-op when we use it below, which allows us to re-sync
those lines with the upstream and make future updates easier.

Remove portability support for mmap

We no longer need to wrap/replace mmap for portability now that
pre-auth compression has been removed from OpenSSH.

Remove obsolete CVS $Id from source files.

Since -portable switched to git the CVS $Id tags are no longer being
updated and are becoming increasingly misleading. Remove them.

fix false positives when compiled with msan

Our explicit_bzero successfully confused clang -fsanitize-memory
in to thinking that memset is never called to initialise memory.
Ensure t

fix false positives when compiled with msan

Our explicit_bzero successfully confused clang -fsanitize-memory
in to thinking that memset is never called to initialise memory.
Ensure that it is called in a way that the compiler recognises.

show more ...

Replace spaces with tabs.

Mechanically replace spaces with tabs in compat files not synced with
OpenBSD.

Strip trailing whitespace.

Mechanically strip trailing whitespace on files not synced with OpenBSD
(or in the case of bsd-snprint.c, rsync).

Repair $OpenBSD markers.

Repair $OpenBSD marker.

Search users for one with a valid salt.

If the root account is locked (eg password "!!" or "*LK*") keep looking
until we find a user with a valid salt to use for crypting passwords of

Search users for one with a valid salt.

If the root account is locked (eg password "!!" or "*LK*") keep looking
until we find a user with a valid salt to use for crypting passwords of
invalid users. ok djm@

show more ...

cast to avoid type warning in error message

Move VA_COPY macro into compat header.

Some AIX compilers unconditionally undefine va_copy but don't set it back
to an internal function, causing link errors. In some compat code we

Move VA_COPY macro into compat header.

Some AIX compilers unconditionally undefine va_copy but don't set it back
to an internal function, causing link errors. In some compat code we
already use VA_COPY instead so move the two existing instances into the
shared header and use for sshbuf-getput-basic.c too. Should fix building
with at lease some versions of AIX's compiler. bz#2589, ok djm@

show more ...

Determine appropriate salt for invalid users.

When sshd is processing a non-PAM login for a non-existent user it uses
the string from the fakepw structure as the salt for crypt(3)ing the

Determine appropriate salt for invalid users.

When sshd is processing a non-PAM login for a non-existent user it uses
the string from the fakepw structure as the salt for crypt(3)ing the
password supplied by the client. That string has a Blowfish prefix, so on
systems that don't understand that crypt will fail fast due to an invalid
salt, and even on those that do it may have significantly different timing
from the hash methods used for real accounts (eg sha512). This allows
user enumeration by, eg, sending large password strings. This was noted
by EddieEzra.Harari at verint.com (CVE-2016-6210).

To mitigate, use the same hash algorithm that root uses for hashing
passwords for users that do not exist on the system. ok djm@

show more ...