external/openssh: update to 6.8p1.
In preparation for some updates to external/openssh to make it work with
BoringSSL, this change updates the code to a recent version. The current
version (5.9p1) is coming up on four years old now.
* Confirmed that f5c67b478bef9992de9e9ec91ce10af4f6205e0d matches
OpenSSH 5.9p1 exactly (save for the removal of the scard
subdirectory).
* Downloaded openssh-6.8p1.tar.gz (SHA256:
3ff64ce73ee124480b5bf767b9830d7d3c03bbcb6abe716b78f0192c37ce160e)
and verified with PGP signature. (I've verified Damien's key in
person previously.)
* Applied changes between f5c67b478bef9992de9e9ec91ce10af4f6205e0d and
OpenSSH 5.9p1 to 6.8p1 and updated the build as best I can. The
ugliest change is probably the duplication of umac.c to umac128.c
because Android conditionally compiles that file twice. See the
comment in those files.
Change-Id: I63cb07a8118afb5a377f116087a0882914cea486
diff --git a/auth2-passwd.c b/auth2-passwd.c
index 4dd3816..09cf077 100644
--- a/auth2-passwd.c
+++ b/auth2-passwd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-passwd.c,v 1.9 2006/08/03 03:34:41 deraadt Exp $ */
+/* $OpenBSD: auth2-passwd.c,v 1.12 2014/07/15 15:54:14 millert Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@@ -41,6 +41,7 @@
#include "ssh-gss.h"
#endif
#include "monitor_wrap.h"
+#include "misc.h"
#include "servconf.h"
/* import */
@@ -59,20 +60,20 @@
if (change) {
/* discard new password from packet */
newpass = packet_get_string(&newlen);
- memset(newpass, 0, newlen);
- xfree(newpass);
+ explicit_bzero(newpass, newlen);
+ free(newpass);
}
packet_check_eom();
if (change)
logit("password change not supported");
-#ifndef ANDROID
- /* no password authentication in android */
+#if !defined(ANDROID)
+ /* no password authentication in Android */
else if (PRIVSEP(auth_password(authctxt, password)) == 1)
authenticated = 1;
#endif
- memset(password, 0, len);
- xfree(password);
+ explicit_bzero(password, len);
+ free(password);
return authenticated;
}