external/openssh: update to 6.8p1.
In preparation for some updates to external/openssh to make it work with
BoringSSL, this change updates the code to a recent version. The current
version (5.9p1) is coming up on four years old now.
* Confirmed that f5c67b478bef9992de9e9ec91ce10af4f6205e0d matches
OpenSSH 5.9p1 exactly (save for the removal of the scard
subdirectory).
* Downloaded openssh-6.8p1.tar.gz (SHA256:
3ff64ce73ee124480b5bf767b9830d7d3c03bbcb6abe716b78f0192c37ce160e)
and verified with PGP signature. (I've verified Damien's key in
person previously.)
* Applied changes between f5c67b478bef9992de9e9ec91ce10af4f6205e0d and
OpenSSH 5.9p1 to 6.8p1 and updated the build as best I can. The
ugliest change is probably the duplication of umac.c to umac128.c
because Android conditionally compiles that file twice. See the
comment in those files.
Change-Id: I63cb07a8118afb5a377f116087a0882914cea486
diff --git a/auth-pam.c b/auth-pam.c
index 675006e..d789bad 100644
--- a/auth-pam.c
+++ b/auth-pam.c
@@ -412,10 +412,9 @@
fail:
for(i = 0; i < n; i++) {
- if (reply[i].resp != NULL)
- xfree(reply[i].resp);
+ free(reply[i].resp);
}
- xfree(reply);
+ free(reply);
buffer_free(&buffer);
return (PAM_CONV_ERR);
}
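Review bot: The `fail:` loop releases each `reply[i].resp` with plain `free()`, so whatever response text was already collected stays readable in heap memory after the `PAM_CONV_ERR` return. In a PAM conversation function these strings can hold what the user typed at a no-echo prompt (inferred, since the code that fills `reply` is outside the hunk). Scrubbing first would limit that exposure: `if (reply[i].resp != NULL) explicit_bzero(reply[i].resp, strlen(reply[i].resp));` placed ahead of `free(reply[i].resp);`. The same pattern is in the `fail:` hunks at -586, -1006 and -1165. Dropping the NULL guard is fine in itself, because `free(NULL)` is a no-op.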
@@ -439,8 +438,10 @@
const char **ptr_pam_user = &pam_user;
char *tz = getenv("TZ");
- pam_get_item(sshpam_handle, PAM_USER,
+ sshpam_err = pam_get_item(sshpam_handle, PAM_USER,
(sshpam_const void **)ptr_pam_user);
+ if (sshpam_err != PAM_SUCCESS)
+ goto auth_fail;
environ[0] = NULL;
if (tz != NULL)
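Review bot: The added check tests only the return code of `pam_get_item()`, and a `PAM_SUCCESS` result does not by itself establish that `pam_user` is non-NULL. If code later in this function reads `pam_user` (not visible here), the guard could also cover that case, e.g. `if (sshpam_err != PAM_SUCCESS || pam_user == NULL) goto auth_fail;`. If `auth_fail` reports `sshpam_err`, the NULL case would first need it set to an error value. The `auth_fail` label and the rest of the function are outside the hunk, so confirm the label does not rely on state set up after this point. A short comment such as `/* fail closed: no PAM_USER, no authentication */` would record why the jump is there.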
@@ -586,10 +587,9 @@
fail:
for(i = 0; i < n; i++) {
- if (reply[i].resp != NULL)
- xfree(reply[i].resp);
+ free(reply[i].resp);
}
- xfree(reply);
+ free(reply);
return (PAM_CONV_ERR);
}
@@ -693,7 +693,7 @@
/* Start the authentication thread */
if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, socks) == -1) {
error("PAM: failed create sockets: %s", strerror(errno));
- xfree(ctxt);
+ free(ctxt);
return (NULL);
}
ctxt->pam_psock = socks[0];
@@ -703,7 +703,7 @@
strerror(errno));
close(socks[0]);
close(socks[1]);
- xfree(ctxt);
+ free(ctxt);
return (NULL);
}
cleanup_ctxt = ctxt;
@@ -742,7 +742,7 @@
strlcpy(**prompts + plen, msg, len - plen);
plen += mlen;
**echo_on = (type == PAM_PROMPT_ECHO_ON);
- xfree(msg);
+ free(msg);
return (0);
case PAM_ERROR_MSG:
case PAM_TEXT_INFO:
@@ -753,7 +753,7 @@
plen += mlen;
strlcat(**prompts + plen, "\n", len - plen);
plen++;
- xfree(msg);
+ free(msg);
break;
case PAM_ACCT_EXPIRED:
sshpam_account_status = 0;
@@ -766,7 +766,7 @@
*num = 0;
**echo_on = 0;
ctxt->pam_done = -1;
- xfree(msg);
+ free(msg);
return 0;
}
/* FALLTHROUGH */
@@ -776,7 +776,7 @@
debug("PAM: %s", **prompts);
buffer_append(&loginmsg, **prompts,
strlen(**prompts));
- xfree(**prompts);
+ free(**prompts);
**prompts = NULL;
}
if (type == PAM_SUCCESS) {
@@ -790,7 +790,7 @@
*num = 0;
**echo_on = 0;
ctxt->pam_done = 1;
- xfree(msg);
+ free(msg);
return (0);
}
error("PAM: %s for %s%.100s from %.100s", msg,
@@ -801,7 +801,7 @@
default:
*num = 0;
**echo_on = 0;
- xfree(msg);
+ free(msg);
ctxt->pam_done = -1;
return (-1);
}
@@ -852,7 +852,7 @@
debug3("PAM: %s entering", __func__);
sshpam_thread_cleanup();
- xfree(ctxt);
+ free(ctxt);
/*
* We don't call sshpam_cleanup() here because we may need the PAM
* handle at a later stage, e.g. when setting up a session. It's
@@ -1006,10 +1006,9 @@
fail:
for(i = 0; i < n; i++) {
- if (reply[i].resp != NULL)
- xfree(reply[i].resp);
+ free(reply[i].resp);
}
- xfree(reply);
+ free(reply);
return (PAM_CONV_ERR);
}
@@ -1081,7 +1080,7 @@
snprintf(compound, len, "%s=%s", name, value);
ret = pam_putenv(sshpam_handle, compound);
- xfree(compound);
+ free(compound);
#endif
return (ret);
@@ -1108,8 +1107,8 @@
return;
for (envp = env; *envp; envp++)
- xfree(*envp);
- xfree(env);
+ free(*envp);
+ free(env);
}
/*
@@ -1165,10 +1164,9 @@
fail:
for(i = 0; i < n; i++) {
- if (reply[i].resp != NULL)
- xfree(reply[i].resp);
+ free(reply[i].resp);
}
- xfree(reply);
+ free(reply);
return (PAM_CONV_ERR);
}