convert bzero to memset, allow root login

author: Waldemar Brodkorb <wbx@openadk.org> 2009-09-23 18:58:04 +0200
committer: Waldemar Brodkorb <wbx@openadk.org> 2009-09-23 18:58:04 +0200
commit: e936694229354244eed3addad14a07f76614e67e (patch)
tree: 72821d5d7c5551f91087f30d02255eee75a1a7c6 /package
parent: eb3c2cf8238c2e09666f2bf4c46389ee4ff80f75 (diff)
12 files changed, 357 insertions, 3 deletions
diff --git a/package/openssh/files/sshd_config b/package/openssh/files/sshd_config
index 19b87bd17..1ef114940 100644
--- a/package/openssh/files/sshd_config
+++ b/package/openssh/files/sshd_config
@@ -38,7 +38,7 @@ HostKey /etc/ssh/ssh_host_rsa_key
 # Authentication:
 
 #LoginGraceTime 2m
-PermitRootLogin without-password
+PermitRootLogin yes
 #StrictModes yes
 #MaxAuthTries 6
 #MaxSessions 10
diff --git a/package/openssh/patches/patch-auth2-jpake_c b/package/openssh/patches/patch-auth2-jpake_c
new file mode 100644
index 000000000..3ea529fce
--- /dev/null
+++ b/package/openssh/patches/patch-auth2-jpake_c
@@ -0,0 +1,79 @@
+--- openssh-5.2p1.orig/auth2-jpake.c	2008-11-11 06:33:03.000000000 +0100
++++ openssh-5.2p1/auth2-jpake.c	2009-09-18 12:28:10.000000000 +0200
+@@ -172,7 +172,7 @@ derive_rawsalt(const char *username, u_c
+ 		fatal("%s: not enough bytes for rawsalt (want %u have %u)",
+ 		    __func__, len, digest_len);
+ 	memcpy(rawsalt, digest, len);
+-	bzero(digest, digest_len);
++	memset(digest, 0, digest_len);
+ 	xfree(digest);
+ }
+ 
+@@ -197,10 +197,10 @@ makesalt(u_int want, const char *user)
+ 		fatal("%s: want %u", __func__, want);
+ 
+ 	derive_rawsalt(user, rawsalt, sizeof(rawsalt));
+-	bzero(ret, sizeof(ret));
++	memset(ret, 0, sizeof(ret));
+ 	for (i = 0; i < want; i++)
+ 		ret[i] = pw_encode64(rawsalt[i]);
+-	bzero(rawsalt, sizeof(rawsalt));
++	memset(rawsalt, 0, sizeof(rawsalt));
+ 
+ 	return ret;
+ }
+@@ -354,7 +354,7 @@ auth2_jpake_get_pwdata(Authctxt *authctx
+ 	debug3("%s: scheme = %s", __func__, *hash_scheme);
+ 	JPAKE_DEBUG_BN((*s, "%s: s = ", __func__));
+ #endif
+-	bzero(secret, secret_len);
++	memset(secret, 0, secret_len);
+ 	xfree(secret);
+ }
+ 
+@@ -395,12 +395,12 @@ auth2_jpake_start(Authctxt *authctxt)
+ 	packet_send();
+ 	packet_write_wait();
+ 
+-	bzero(hash_scheme, strlen(hash_scheme));
+-	bzero(salt, strlen(salt));
++	memset(hash_scheme, 0, strlen(hash_scheme));
++	memset(salt, 0, strlen(salt));
+ 	xfree(hash_scheme);
+ 	xfree(salt);
+-	bzero(x3_proof, x3_proof_len);
+-	bzero(x4_proof, x4_proof_len);
++	memset(x3_proof, 0, x3_proof_len);
++	memset(x4_proof, 0, x4_proof_len);
+ 	xfree(x3_proof);
+ 	xfree(x4_proof);
+ 
+@@ -447,8 +447,8 @@ input_userauth_jpake_client_step1(int ty
+ 	    &pctx->b,
+ 	    &x4_s_proof, &x4_s_proof_len));
+ 
+-	bzero(x1_proof, x1_proof_len);
+-	bzero(x2_proof, x2_proof_len);
++	memset(x1_proof, 0, x1_proof_len);
++	memset(x2_proof, 0, x2_proof_len);
+ 	xfree(x1_proof);
+ 	xfree(x2_proof);
+ 
+@@ -462,7 +462,7 @@ input_userauth_jpake_client_step1(int ty
+ 	packet_send();
+ 	packet_write_wait();
+ 
+-	bzero(x4_s_proof, x4_s_proof_len);
++	memset(x4_s_proof, 0, x4_s_proof_len);
+ 	xfree(x4_s_proof);
+ 
+ 	/* Expect step 2 packet from peer */
+@@ -503,7 +503,7 @@ input_userauth_jpake_client_step2(int ty
+ 	    &pctx->k,
+ 	    &pctx->h_k_sid_sessid, &pctx->h_k_sid_sessid_len));
+ 
+-	bzero(x2_s_proof, x2_s_proof_len);
++	memset(x2_s_proof, 0, x2_s_proof_len);
+ 	xfree(x2_s_proof);
+ 
+ 	if (!use_privsep)
diff --git a/package/openssh/patches/patch-channels_c b/package/openssh/patches/patch-channels_c
new file mode 100644
index 000000000..3712809e4
--- /dev/null
+++ b/package/openssh/patches/patch-channels_c
@@ -0,0 +1,29 @@
+--- openssh-5.2p1.orig/channels.c	2009-02-14 06:28:21.000000000 +0100
++++ openssh-5.2p1/channels.c	2009-09-18 12:29:28.000000000 +0200
+@@ -411,7 +411,7 @@ channel_free(Channel *c)
+ 		if (cc->abandon_cb != NULL)
+ 			cc->abandon_cb(c, cc->ctx);
+ 		TAILQ_REMOVE(&c->status_confirms, cc, entry);
+-		bzero(cc, sizeof(*cc));
++		memset(cc, 0, sizeof(*cc));
+ 		xfree(cc);
+ 	}
+ 	if (c->filter_cleanup != NULL && c->filter_ctx != NULL)
+@@ -2447,7 +2447,7 @@ channel_input_status_confirm(int type, u
+ 		return;
+ 	cc->cb(type, c, cc->ctx);
+ 	TAILQ_REMOVE(&c->status_confirms, cc, entry);
+-	bzero(cc, sizeof(*cc));
++	memset(cc, 0, sizeof(*cc));
+ 	xfree(cc);
+ }
+ 
+@@ -2941,7 +2941,7 @@ channel_connect_ctx_free(struct channel_
+ 	xfree(cctx->host);
+ 	if (cctx->aitop)
+ 		freeaddrinfo(cctx->aitop);
+-	bzero(cctx, sizeof(*cctx));
++	memset(cctx, 0, sizeof(*cctx));
+ 	cctx->host = NULL;
+ 	cctx->ai = cctx->aitop = NULL;
+ }
diff --git a/package/openssh/patches/patch-clientloop_c b/package/openssh/patches/patch-clientloop_c
new file mode 100644
index 000000000..1da1d31c9
--- /dev/null
+++ b/package/openssh/patches/patch-clientloop_c
@@ -0,0 +1,20 @@
+--- openssh-5.2p1.orig/clientloop.c	2009-02-14 06:28:21.000000000 +0100
++++ openssh-5.2p1/clientloop.c	2009-09-18 12:28:59.000000000 +0200
+@@ -487,7 +487,7 @@ client_global_request_reply(int type, u_
+ 		gc->cb(type, seq, gc->ctx);
+ 	if (--gc->ref_count <= 0) {
+ 		TAILQ_REMOVE(&global_confirms, gc, entry);
+-		bzero(gc, sizeof(*gc));
++		memset(gc, 0, sizeof(*gc));
+ 		xfree(gc);
+ 	}
+ 
+@@ -768,7 +768,7 @@ process_cmdline(void)
+ 	int cancel_port;
+ 	Forward fwd;
+ 
+-	bzero(&fwd, sizeof(fwd));
++	memset(&fwd, 0, sizeof(fwd));
+ 	fwd.listen_host = fwd.connect_host = NULL;
+ 
+ 	leave_raw_mode();
diff --git a/package/openssh/patches/patch-jpake_c b/package/openssh/patches/patch-jpake_c
new file mode 100644
index 000000000..37b69ee45
--- /dev/null
+++ b/package/openssh/patches/patch-jpake_c
@@ -0,0 +1,38 @@
+--- openssh-5.2p1.orig/jpake.c	2008-11-05 06:20:46.000000000 +0100
++++ openssh-5.2p1/jpake.c	2009-09-18 12:26:24.000000000 +0200
+@@ -160,7 +160,7 @@ hash_buffer(const u_char *buf, u_int len
+ 	success = 0;
+  out:
+ 	EVP_MD_CTX_cleanup(&evp_md_ctx);
+-	bzero(digest, sizeof(digest));
++	memset(digest, 0, sizeof(digest));
+ 	digest_len = 0;
+ 	return success;
+ }
+@@ -259,7 +259,7 @@ jpake_free(struct jpake_ctx *pctx)
+ #define JPAKE_BUF_CLEAR_FREE(v, l)		\
+ 	do {					\
+ 		if ((v) != NULL) {		\
+-			bzero((v), (l));	\
++			memset((v), 0, (l));	\
+ 			xfree(v);		\
+ 			(v) = NULL;		\
+ 			(l) = 0;		\
+@@ -287,7 +287,7 @@ jpake_free(struct jpake_ctx *pctx)
+ #undef JPAKE_BN_CLEAR_FREE
+ #undef JPAKE_BUF_CLEAR_FREE
+ 
+-	bzero(pctx, sizeof(pctx));
++	memset(pctx, 0, sizeof(pctx));
+ 	xfree(pctx);
+ }
+ 
+@@ -592,7 +592,7 @@ jpake_check_confirm(const BIGNUM *k,
+ 	else if (memcmp(peer_confirm_hash, expected_confirm_hash,
+ 	    expected_confirm_hash_len) == 0)
+ 		success = 1;
+-	bzero(expected_confirm_hash, expected_confirm_hash_len);
++	memset(expected_confirm_hash, 0, expected_confirm_hash_len);
+ 	xfree(expected_confirm_hash);
+ 	debug3("%s: success = %d", __func__, success);
+ 	return success;
diff --git a/package/openssh/patches/patch-monitor_c b/package/openssh/patches/patch-monitor_c
new file mode 100644
index 000000000..8992b3e6e
--- /dev/null
+++ b/package/openssh/patches/patch-monitor_c
@@ -0,0 +1,62 @@
+--- openssh-5.2p1.orig/monitor.c	2009-02-14 06:33:31.000000000 +0100
++++ openssh-5.2p1/monitor.c	2009-09-18 12:31:53.000000000 +0200
+@@ -2029,8 +2029,8 @@ mm_answer_jpake_step1(int sock, Buffer *
+ 	debug3("%s: sending step1", __func__);
+ 	mm_request_send(sock, MONITOR_ANS_JPAKE_STEP1, m);
+ 
+-	bzero(x3_proof, x3_proof_len);
+-	bzero(x4_proof, x4_proof_len);
++	memset(x3_proof, 0, x3_proof_len);
++	memset(x4_proof, 0, x4_proof_len);
+ 	xfree(x3_proof);
+ 	xfree(x4_proof);
+ 
+@@ -2059,8 +2059,8 @@ mm_answer_jpake_get_pwdata(int sock, Buf
+ 	debug3("%s: sending pwdata", __func__);
+ 	mm_request_send(sock, MONITOR_ANS_JPAKE_GET_PWDATA, m);
+ 
+-	bzero(hash_scheme, strlen(hash_scheme));
+-	bzero(salt, strlen(salt));
++	memset(hash_scheme, 0, strlen(hash_scheme));
++	memset(salt, 0, strlen(salt));
+ 	xfree(hash_scheme);
+ 	xfree(salt);
+ 
+@@ -2099,8 +2099,8 @@ mm_answer_jpake_step2(int sock, Buffer *
+ 
+ 	JPAKE_DEBUG_CTX((pctx, "step2 done in %s", __func__));
+ 
+-	bzero(x1_proof, x1_proof_len);
+-	bzero(x2_proof, x2_proof_len);
++	memset(x1_proof, 0, x1_proof_len);
++	memset(x2_proof, 0, x2_proof_len);
+ 	xfree(x1_proof);
+ 	xfree(x2_proof);
+ 
+@@ -2112,7 +2112,7 @@ mm_answer_jpake_step2(int sock, Buffer *
+ 	debug3("%s: sending step2", __func__);
+ 	mm_request_send(sock, MONITOR_ANS_JPAKE_STEP2, m);
+ 
+-	bzero(x4_s_proof, x4_s_proof_len);
++	memset(x4_s_proof, 0, x4_s_proof_len);
+ 	xfree(x4_s_proof);
+ 
+ 	monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_KEY_CONFIRM, 1);
+@@ -2146,7 +2146,7 @@ mm_answer_jpake_key_confirm(int sock, Bu
+ 
+ 	JPAKE_DEBUG_CTX((pctx, "key_confirm done in %s", __func__));
+ 
+-	bzero(x2_s_proof, x2_s_proof_len);
++	memset(x2_s_proof, 0, x2_s_proof_len);
+ 	buffer_clear(m);
+ 
+ 	/* pctx->k is sensitive, not sent */
+@@ -2180,7 +2180,7 @@ mm_answer_jpake_check_confirm(int sock, 
+ 
+ 	JPAKE_DEBUG_CTX((pctx, "check_confirm done in %s", __func__));
+ 
+-	bzero(peer_confirm_hash, peer_confirm_hash_len);
++	memset(peer_confirm_hash, 0, peer_confirm_hash_len);
+ 	xfree(peer_confirm_hash);
+ 
+ 	buffer_clear(m);
diff --git a/package/openssh/patches/patch-openbsd-compat_port-tun_c b/package/openssh/patches/patch-openbsd-compat_port-tun_c
index bc6e0b1b3..c4eb11c4c 100644
--- a/package/openssh/patches/patch-openbsd-compat_port-tun_c
+++ b/package/openssh/patches/patch-openbsd-compat_port-tun_c
@@ -1,6 +1,15 @@
 $Id: update-patches 24 2008-08-31 14:56:13Z wbx $
---- openssh-5.1p1.orig/openbsd-compat/port-tun.c	2008-05-19 07:28:36.000000000 +0200
-+++ openssh-5.1p1/openbsd-compat/port-tun.c	2008-10-14 10:20:42.000000000 +0200
+--- openssh-5.2p1.orig/openbsd-compat/port-tun.c	2008-05-19 07:28:36.000000000 +0200
++++ openssh-5.2p1/openbsd-compat/port-tun.c	2009-09-18 12:25:49.000000000 +0200
+@@ -67,7 +67,7 @@ sys_tun_open(int tun, int mode)
+ 		return (-1);
+ 	}
+ 
+-	bzero(&ifr, sizeof(ifr));	
++	memset(&ifr, 0, sizeof(ifr));	
+ 
+ 	if (mode == SSH_TUNMODE_ETHERNET) {
+ 		ifr.ifr_flags = IFF_TAP;
 @@ -213,7 +213,7 @@ sys_tun_infilter(struct Channel *c, char
  	if (len <= 0 || len > (int)(sizeof(rbuf) - sizeof(*af)))
  		return (-1);
diff --git a/package/openssh/patches/patch-schnorr_c b/package/openssh/patches/patch-schnorr_c
new file mode 100644
index 000000000..aff2497ba
--- /dev/null
+++ b/package/openssh/patches/patch-schnorr_c
@@ -0,0 +1,11 @@
+--- openssh-5.2p1.orig/schnorr.c	2009-02-21 02:45:18.000000000 +0100
++++ openssh-5.2p1/schnorr.c	2009-09-18 12:28:29.000000000 +0200
+@@ -105,7 +105,7 @@ schnorr_hash(const BIGNUM *p, const BIGN
+  out:
+ 	buffer_free(&b);
+ 	EVP_MD_CTX_cleanup(&evp_md_ctx);
+-	bzero(digest, digest_len);
++	memset(digest, 0, digest_len);
+ 	xfree(digest);
+ 	digest_len = 0;
+ 	if (success == 0)
diff --git a/package/openssh/patches/patch-session_c b/package/openssh/patches/patch-session_c
new file mode 100644
index 000000000..ea9508cfd
--- /dev/null
+++ b/package/openssh/patches/patch-session_c
@@ -0,0 +1,11 @@
+--- openssh-5.2p1.orig/session.c	2009-01-28 06:29:49.000000000 +0100
++++ openssh-5.2p1/session.c	2009-09-18 12:25:29.000000000 +0200
+@@ -1865,7 +1865,7 @@ session_unused(int id)
+ 		fatal("%s: insane session id %d (max %d nalloc %d)",
+ 		    __func__, id, options.max_sessions, sessions_nalloc);
+ 	}
+-	bzero(&sessions[id], sizeof(*sessions));
++	memset(&sessions[id], 0, sizeof(*sessions));
+ 	sessions[id].self = id;
+ 	sessions[id].used = 0;
+ 	sessions[id].chanid = -1;
diff --git a/package/openssh/patches/patch-sftp-client_c b/package/openssh/patches/patch-sftp-client_c
new file mode 100644
index 000000000..21363fee7
--- /dev/null
+++ b/package/openssh/patches/patch-sftp-client_c
@@ -0,0 +1,11 @@
+--- openssh-5.2p1.orig/sftp-client.c	2008-07-04 15:10:49.000000000 +0200
++++ openssh-5.2p1/sftp-client.c	2009-09-18 12:30:56.000000000 +0200
+@@ -273,7 +273,7 @@ get_decode_statvfs(int fd, struct sftp_s
+ 		    SSH2_FXP_EXTENDED_REPLY, type);
+ 	}
+ 
+-	bzero(st, sizeof(*st));
++	memset(st, 0, sizeof(*st));
+ 	st->f_bsize = buffer_get_int64(&msg);
+ 	st->f_frsize = buffer_get_int64(&msg);
+ 	st->f_blocks = buffer_get_int64(&msg);
diff --git a/package/openssh/patches/patch-ssh_c b/package/openssh/patches/patch-ssh_c
new file mode 100644
index 000000000..486429320
--- /dev/null
+++ b/package/openssh/patches/patch-ssh_c
@@ -0,0 +1,13 @@
+--- openssh-5.2p1.orig/ssh.c	2009-02-14 06:28:21.000000000 +0100
++++ openssh-5.2p1/ssh.c	2009-09-18 12:26:46.000000000 +0200
+@@ -1277,8 +1277,8 @@ load_public_identity_files(void)
+ 		options.identity_files[i] = filename;
+ 		options.identity_keys[i] = public;
+ 	}
+-	bzero(pwname, strlen(pwname));
++	memset(pwname, 0, strlen(pwname));
+ 	xfree(pwname);
+-	bzero(pwdir, strlen(pwdir));
++	memset(pwdir, 0, strlen(pwdir));
+ 	xfree(pwdir);
+ }
diff --git a/package/openssh/patches/patch-sshconnect2_c b/package/openssh/patches/patch-sshconnect2_c
new file mode 100644
index 000000000..405989001
--- /dev/null
+++ b/package/openssh/patches/patch-sshconnect2_c
@@ -0,0 +1,71 @@
+--- openssh-5.2p1.orig/sshconnect2.c	2008-11-05 06:20:47.000000000 +0100
++++ openssh-5.2p1/sshconnect2.c	2009-09-18 12:30:37.000000000 +0200
+@@ -921,14 +921,14 @@ jpake_password_to_secret(Authctxt *authc
+ 	    &secret, &secret_len) != 0)
+ 		fatal("%s: hash_buffer", __func__);
+ 
+-	bzero(password, strlen(password));
+-	bzero(crypted, strlen(crypted));
++	memset(password, 0, strlen(password));
++	memset(crypted, 0, strlen(crypted));
+ 	xfree(password);
+ 	xfree(crypted);
+ 
+ 	if ((ret = BN_bin2bn(secret, secret_len, NULL)) == NULL)
+ 		fatal("%s: BN_bin2bn (secret)", __func__);
+-	bzero(secret, secret_len);
++	memset(secret, 0, secret_len);
+ 	xfree(secret);
+ 
+ 	return ret;
+@@ -965,8 +965,8 @@ input_userauth_jpake_server_step1(int ty
+ 
+ 	/* Obtain password and derive secret */
+ 	pctx->s = jpake_password_to_secret(authctxt, crypt_scheme, salt);
+-	bzero(crypt_scheme, strlen(crypt_scheme));
+-	bzero(salt, strlen(salt));
++	memset(crypt_scheme, 0, strlen(crypt_scheme));
++	memset(salt, 0, strlen(salt));
+ 	xfree(crypt_scheme);
+ 	xfree(salt);
+ 	JPAKE_DEBUG_BN((pctx->s, "%s: s = ", __func__));
+@@ -981,8 +981,8 @@ input_userauth_jpake_server_step1(int ty
+ 	    &pctx->a,
+ 	    &x2_s_proof, &x2_s_proof_len);
+ 
+-	bzero(x3_proof, x3_proof_len);
+-	bzero(x4_proof, x4_proof_len);
++	memset(x3_proof, 0, x3_proof_len);
++	memset(x4_proof, 0, x4_proof_len);
+ 	xfree(x3_proof);
+ 	xfree(x4_proof);
+ 
+@@ -994,7 +994,7 @@ input_userauth_jpake_server_step1(int ty
+ 	packet_put_string(x2_s_proof, x2_s_proof_len);
+ 	packet_send();
+ 
+-	bzero(x2_s_proof, x2_s_proof_len);
++	memset(x2_s_proof, 0, x2_s_proof_len);
+ 	xfree(x2_s_proof);
+ 
+ 	/* Expect step 2 packet from peer */
+@@ -1034,7 +1034,7 @@ input_userauth_jpake_server_step2(int ty
+ 	    &pctx->k,
+ 	    &pctx->h_k_cid_sessid, &pctx->h_k_cid_sessid_len);
+ 
+-	bzero(x4_s_proof, x4_s_proof_len);
++	memset(x4_s_proof, 0, x4_s_proof_len);
+ 	xfree(x4_s_proof);
+ 
+ 	JPAKE_DEBUG_CTX((pctx, "confirm sending in %s", __func__));
+@@ -1700,8 +1700,8 @@ userauth_jpake(Authctxt *authctxt)
+ 	packet_put_string(x2_proof, x2_proof_len);
+ 	packet_send();
+ 
+-	bzero(x1_proof, x1_proof_len);
+-	bzero(x2_proof, x2_proof_len);
++	memset(x1_proof, 0, x1_proof_len);
++	memset(x2_proof, 0, x2_proof_len);
+ 	xfree(x1_proof);
+ 	xfree(x2_proof);
+
author	Waldemar Brodkorb <wbx@openadk.org>	2009-09-23 18:58:04 +0200
committer	Waldemar Brodkorb <wbx@openadk.org>	2009-09-23 18:58:04 +0200
commit	e936694229354244eed3addad14a07f76614e67e (patch)
tree	72821d5d7c5551f91087f30d02255eee75a1a7c6 /package
parent	eb3c2cf8238c2e09666f2bf4c46389ee4ff80f75 (diff)