22 files changed, 175 insertions, 31 deletions

diff --git a/openbsd-compat/Makefile.in b/openbsd-compat/Makefile.in
index 8e3b429913827..2fd9b952bbeb2 100644
--- a/openbsd-compat/Makefile.in
+++ b/openbsd-compat/Makefile.in
@@ -68,6 +68,7 @@ COMPAT=	arc4random.o \
 	bsd-cygwin_util.o \
 	bsd-err.o \
 	bsd-flock.o \
+	bsd-getline.o \
 	bsd-getpagesize.o \
 	bsd-getpeereid.o \
 	bsd-malloc.o \
diff --git a/openbsd-compat/arc4random.c b/openbsd-compat/arc4random.c
index b6256b4f883f1..578f69f4f74f1 100644
--- a/openbsd-compat/arc4random.c
+++ b/openbsd-compat/arc4random.c
@@ -33,6 +33,10 @@
 #include <string.h>
 #include <unistd.h>
 
+#ifdef HAVE_SYS_RANDOM_H
+# include <sys/random.h>
+#endif
+
 #ifndef HAVE_ARC4RANDOM
 
 #ifdef WITH_OPENSSL
@@ -78,8 +82,9 @@ _rs_init(u_char *buf, size_t n)
 }
 
 #ifndef WITH_OPENSSL
-#define SSH_RANDOM_DEV "/dev/urandom"
-/* XXX use getrandom() if supported on Linux */
+# ifndef SSH_RANDOM_DEV
+#  define SSH_RANDOM_DEV "/dev/urandom"
+# endif /* SSH_RANDOM_DEV */
 static void
 getrnd(u_char *s, size_t len)
 {
@@ -87,6 +92,11 @@ getrnd(u_char *s, size_t len)
 	ssize_t r;
 	size_t o = 0;
 
+#ifdef HAVE_GETRANDOM
+	if ((r = getrandom(s, len, 0)) > 0 && (size_t)r == len)
+		return;
+#endif /* HAVE_GETRANDOM */
+
 	if ((fd = open(SSH_RANDOM_DEV, O_RDONLY)) == -1)
 		fatal("Couldn't open %s: %s", SSH_RANDOM_DEV, strerror(errno));
 	while (o < len) {
@@ -101,7 +111,7 @@ getrnd(u_char *s, size_t len)
 	}
 	close(fd);
 }
-#endif
+#endif /* WITH_OPENSSL */
 
 static void
 _rs_stir(void)
diff --git a/openbsd-compat/bcrypt_pbkdf.c b/openbsd-compat/bcrypt_pbkdf.c
index 0a07f9a0f8f0d..78523456387ae 100644
--- a/openbsd-compat/bcrypt_pbkdf.c
+++ b/openbsd-compat/bcrypt_pbkdf.c
@@ -46,7 +46,7 @@
  * function with the following modifications:
  * 1. The input password and salt are preprocessed with SHA512.
  * 2. The output length is expanded to 256 bits.
- * 3. Subsequently the magic string to be encrypted is lengthened and modifed
+ * 3. Subsequently the magic string to be encrypted is lengthened and modified
  *    to "OxychromaticBlowfishSwatDynamite"
  * 4. The hash function is defined to perform 64 rounds of initial state
  *    expansion. (More rounds are performed by iterating the hash.)
diff --git a/openbsd-compat/bsd-closefrom.c b/openbsd-compat/bsd-closefrom.c
index 9380b33a7247f..b56476a2d8589 100644
--- a/openbsd-compat/bsd-closefrom.c
+++ b/openbsd-compat/bsd-closefrom.c
@@ -77,7 +77,7 @@ closefrom(int lowfd)
 
     /* Check for a /proc/$$/fd directory. */
     len = snprintf(fdpath, sizeof(fdpath), "/proc/%ld/fd", (long)getpid());
-    if (len > 0 && (size_t)len <= sizeof(fdpath) && (dirp = opendir(fdpath))) {
+    if (len > 0 && (size_t)len < sizeof(fdpath) && (dirp = opendir(fdpath))) {
 	while ((dent = readdir(dirp)) != NULL) {
 	    fd = strtol(dent->d_name, &endp, 10);
 	    if (dent->d_name != endp && *endp == '\0' &&
diff --git a/openbsd-compat/bsd-cygwin_util.c b/openbsd-compat/bsd-cygwin_util.c
index 398a5f617af59..fb49e30f5981e 100644
--- a/openbsd-compat/bsd-cygwin_util.c
+++ b/openbsd-compat/bsd-cygwin_util.c
@@ -36,6 +36,7 @@
 #include <fcntl.h>
 #include <string.h>
 #include <unistd.h>
+#include <stdarg.h>
 
 #include "xmalloc.h"
 
diff --git a/openbsd-compat/bsd-cygwin_util.h b/openbsd-compat/bsd-cygwin_util.h
index 9cef694b9a7c1..202c055dbae74 100644
--- a/openbsd-compat/bsd-cygwin_util.h
+++ b/openbsd-compat/bsd-cygwin_util.h
@@ -41,7 +41,7 @@ typedef void *HANDLE;
 #define UNLEN 256
 
 /* Cygwin functions for which declarations are only available when including
-   windows headers, so we have to define them here explicitely. */
+   windows headers, so we have to define them here explicitly. */
 extern HANDLE cygwin_logon_user (const struct passwd *, const char *);
 extern void cygwin_set_impersonation_token (const HANDLE);
 
diff --git a/openbsd-compat/bsd-getline.c b/openbsd-compat/bsd-getline.c
new file mode 100644
index 0000000000000..d676f4cefa7e9
--- /dev/null
+++ b/openbsd-compat/bsd-getline.c
@@ -0,0 +1,113 @@
+/*	$NetBSD: getline.c,v 1.1.1.6 2015/01/02 20:34:27 christos Exp $	*/
+
+/*	NetBSD: getline.c,v 1.2 2014/09/16 17:23:50 christos Exp 	*/
+
+/*-
+ * Copyright (c) 2011 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Christos Zoulas.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/* NETBSD ORIGINAL: external/bsd/file/dist/src/getline.c */
+
+#include "includes.h"
+
+#if 0
+#include "file.h"
+#endif
+
+#if !HAVE_GETLINE
+#include <stdlib.h>
+#include <stdio.h>
+#include <unistd.h>
+#include <errno.h>
+#include <string.h>
+
+static ssize_t
+getdelim(char **buf, size_t *bufsiz, int delimiter, FILE *fp)
+{
+	char *ptr, *eptr;
+
+
+	if (*buf == NULL || *bufsiz == 0) {
+		if ((*buf = malloc(BUFSIZ)) == NULL)
+			return -1;
+		*bufsiz = BUFSIZ;
+	}
+
+	for (ptr = *buf, eptr = *buf + *bufsiz;;) {
+		int c = fgetc(fp);
+		if (c == -1) {
+			if (feof(fp)) {
+				ssize_t diff = (ssize_t)(ptr - *buf);
+				if (diff != 0) {
+					*ptr = '\0';
+					return diff;
+				}
+			}
+			return -1;
+		}
+		*ptr++ = c;
+		if (c == delimiter) {
+			*ptr = '\0';
+			return ptr - *buf;
+		}
+		if (ptr + 2 >= eptr) {
+			char *nbuf;
+			size_t nbufsiz = *bufsiz * 2;
+			ssize_t d = ptr - *buf;
+			if ((nbuf = realloc(*buf, nbufsiz)) == NULL)
+				return -1;
+			*buf = nbuf;
+			*bufsiz = nbufsiz;
+			eptr = nbuf + nbufsiz;
+			ptr = nbuf + d;
+		}
+	}
+}
+
+ssize_t
+getline(char **buf, size_t *bufsiz, FILE *fp)
+{
+	return getdelim(buf, bufsiz, '\n', fp);
+}
+
+#endif
+
+#ifdef TEST
+int
+main(int argc, char *argv[])
+{
+	char *p = NULL;
+	ssize_t len;
+	size_t n = 0;
+
+	while ((len = getline(&p, &n, stdin)) != -1)
+		(void)printf("%" SIZE_T_FORMAT "d %s", len, p);
+	free(p);
+	return 0;
+}
+#endif
diff --git a/openbsd-compat/bsd-misc.c b/openbsd-compat/bsd-misc.c
index 3daf610711a37..b6893e1711f59 100644
--- a/openbsd-compat/bsd-misc.c
+++ b/openbsd-compat/bsd-misc.c
@@ -28,6 +28,7 @@
 #include <string.h>
 #include <signal.h>
 #include <stdlib.h>
+#include <stdio.h>
 #include <time.h>
 #include <unistd.h>
 
diff --git a/openbsd-compat/bsd-nextstep.h b/openbsd-compat/bsd-nextstep.h
index 610f9e381f314..4a45b15af0e06 100644
--- a/openbsd-compat/bsd-nextstep.h
+++ b/openbsd-compat/bsd-nextstep.h
@@ -36,7 +36,7 @@
 /* NeXT's readdir() is BSD (struct direct) not POSIX (struct dirent) */
 #define dirent direct
 
-/* Swap out NeXT's BSD wait() for a more POSIX complient one */
+/* Swap out NeXT's BSD wait() for a more POSIX compliant one */
 pid_t posix_wait(int *);
 #define wait(a) posix_wait(a)
 
diff --git a/openbsd-compat/bsd-snprintf.c b/openbsd-compat/bsd-snprintf.c
index d95b6a40158f0..f27b9d808a2a8 100644
--- a/openbsd-compat/bsd-snprintf.c
+++ b/openbsd-compat/bsd-snprintf.c
@@ -30,7 +30,7 @@
  *    probably requires libm on most operating systems.  Don't yet
  *    support the exponent (e,E) and sigfig (g,G).  Also, fmtint()
  *    was pretty badly broken, it just wasn't being exercised in ways
- *    which showed it, so that's been fixed.  Also, formated the code
+ *    which showed it, so that's been fixed.  Also, formatted the code
  *    to mutt conventions, and removed dead code left over from the
  *    original.  Also, there is now a builtin-test, just compile with:
  *           gcc -DTEST_SNPRINTF -o snprintf snprintf.c -lm
diff --git a/openbsd-compat/bsd-waitpid.h b/openbsd-compat/bsd-waitpid.h
index 5ce3ee4b530e9..b551268ab0639 100644
--- a/openbsd-compat/bsd-waitpid.h
+++ b/openbsd-compat/bsd-waitpid.h
@@ -27,7 +27,7 @@
 #define _BSD_WAITPID_H
 
 #ifndef HAVE_WAITPID
-/* Clean out any potental issues */
+/* Clean out any potential issues */
 #undef WIFEXITED
 #undef WIFSTOPPED
 #undef WIFSIGNALED
diff --git a/openbsd-compat/explicit_bzero.c b/openbsd-compat/explicit_bzero.c
index 53a003472721d..6ef9825a9ad34 100644
--- a/openbsd-compat/explicit_bzero.c
+++ b/openbsd-compat/explicit_bzero.c
@@ -41,7 +41,7 @@ explicit_bzero(void *p, size_t n)
 	/*
 	 * clang -fsanitize=memory needs to intercept memset-like functions
 	 * to correctly detect memory initialisation. Make sure one is called
-	 * directly since our indirection trick above sucessfully confuses it.
+	 * directly since our indirection trick above successfully confuses it.
 	 */
 #if defined(__has_feature)
 # if __has_feature(memory_sanitizer)
diff --git a/openbsd-compat/fmt_scaled.c b/openbsd-compat/fmt_scaled.c
index 7c5193e26d959..2f76ef931bb1c 100644
--- a/openbsd-compat/fmt_scaled.c
+++ b/openbsd-compat/fmt_scaled.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: fmt_scaled.c,v 1.16 2017/03/16 02:40:46 dtucker Exp $	*/
+/*	$OpenBSD: fmt_scaled.c,v 1.17 2018/05/14 04:39:04 djm Exp $	*/
 
 /*
  * Copyright (c) 2001, 2002, 2003 Ian F. Darwin.  All rights reserved.
@@ -188,7 +188,7 @@ scan_scaled(char *scaled, long long *result)
 			/* scale whole part */
 			whole *= scale_fact;
 
-			/* truncate fpart so it does't overflow.
+			/* truncate fpart so it doesn't overflow.
 			 * then scale fractional part.
 			 */
 			while (fpart >= LLONG_MAX / scale_fact) {
@@ -246,12 +246,15 @@ fmt_scaled(long long number, char *result)
 
 	fract = (10 * fract + 512) / 1024;
 	/* if the result would be >= 10, round main number */
-	if (fract == 10) {
+	if (fract >= 10) {
 		if (number >= 0)
 			number++;
 		else
 			number--;
 		fract = 0;
+	} else if (fract < 0) {
+		/* shouldn't happen */
+		fract = 0;
 	}
 
 	if (number == 0)
diff --git a/openbsd-compat/freezero.c b/openbsd-compat/freezero.c
index 90b9d38135664..bad018ff03290 100644
--- a/openbsd-compat/freezero.c
+++ b/openbsd-compat/freezero.c
@@ -16,6 +16,7 @@
 
 #include "includes.h"
 
+#include <stdlib.h>
 #include <string.h>
 
 #ifndef HAVE_FREEZERO
diff --git a/openbsd-compat/openbsd-compat.h b/openbsd-compat/openbsd-compat.h
index b48fb9342d19f..f5c833bf271f9 100644
--- a/openbsd-compat/openbsd-compat.h
+++ b/openbsd-compat/openbsd-compat.h
@@ -60,6 +60,10 @@ int bindresvport_sa(int sd, struct sockaddr *sa);
 void closefrom(int);
 #endif
 
+#ifndef HAVE_GETLINE
+ssize_t getline(char **, size_t *, FILE *);
+#endif
+
 #ifndef HAVE_GETPAGESIZE
 int getpagesize(void);
 #endif
diff --git a/openbsd-compat/port-aix.c b/openbsd-compat/port-aix.c
index 79c8689669968..943177c708c9b 100644
--- a/openbsd-compat/port-aix.c
+++ b/openbsd-compat/port-aix.c
@@ -27,8 +27,9 @@
 #include "includes.h"
 
 #include "xmalloc.h"
-#include "buffer.h"
-#include "key.h"
+#include "sshbuf.h"
+#include "ssherr.h"
+#include "sshkey.h"
 #include "hostfile.h"
 #include "auth.h"
 #include "ssh.h"
@@ -176,7 +177,7 @@ sys_auth_passwd(struct ssh *ssh, const char *password)
 {
 	Authctxt *ctxt = ssh->authctxt;
 	char *authmsg = NULL, *msg = NULL, *name = ctxt->pw->pw_name;
-	int authsuccess = 0, expired, reenter, result;
+	int r, authsuccess = 0, expired, reenter, result;
 
 	do {
 		result = authenticate((char *)name, (char *)password, &reenter,
@@ -203,7 +204,10 @@ sys_auth_passwd(struct ssh *ssh, const char *password)
 		 */
 		expired = passwdexpired(name, &msg);
 		if (msg && *msg) {
-			buffer_append(ctxt->loginmsg, msg, strlen(msg));
+			if ((r = sshbuf_put(ctxt->loginmsg,
+			    msg, strlen(msg))) != 0)
+				fatal("%s: buffer error: %s",
+				    __func__, ssh_err(r));
 			aix_remove_embedded_newlines(msg);
 		}
 		debug3("AIX/passwdexpired returned %d msg %.100s", expired, msg);
@@ -234,10 +238,10 @@ sys_auth_passwd(struct ssh *ssh, const char *password)
  * Returns 1 if login is allowed, 0 if not allowed.
  */
 int
-sys_auth_allowed_user(struct passwd *pw, Buffer *loginmsg)
+sys_auth_allowed_user(struct passwd *pw, struct sshbuf *loginmsg)
 {
 	char *msg = NULL;
-	int result, permitted = 0;
+	int r, result, permitted = 0;
 	struct stat st;
 
 	/*
@@ -260,8 +264,10 @@ sys_auth_allowed_user(struct passwd *pw, Buffer *loginmsg)
 	 */
 	if (result == -1 && errno == EPERM && stat(_PATH_NOLOGIN, &st) == 0)
 		permitted = 1;
-	else if (msg != NULL)
-		buffer_append(loginmsg, msg, strlen(msg));
+	else if (msg != NULL) {
+		if ((r = sshbuf_put(loginmsg, msg, strlen(msg))) != 0)
+			fatal("%s: buffer error: %s", __func__, ssh_err(r));
+	}
 	if (msg == NULL)
 		msg = xstrdup("(none)");
 	aix_remove_embedded_newlines(msg);
@@ -275,7 +281,7 @@ sys_auth_allowed_user(struct passwd *pw, Buffer *loginmsg)
 
 int
 sys_auth_record_login(const char *user, const char *host, const char *ttynm,
-    Buffer *loginmsg)
+    struct sshbuf *loginmsg)
 {
 	char *msg = NULL;
 	int success = 0;
diff --git a/openbsd-compat/port-aix.h b/openbsd-compat/port-aix.h
index 9c0a4dd3ea62a..748c0e4e31091 100644
--- a/openbsd-compat/port-aix.h
+++ b/openbsd-compat/port-aix.h
@@ -30,7 +30,7 @@
 # include <sys/socket.h>
 #endif
 
-#include "buffer.h"
+struct sshbuf;
 
 /* These should be in the system headers but are not. */
 int usrinfo(int, char *, int);
@@ -87,9 +87,10 @@ void aix_usrinfo(struct passwd *);
 #ifdef WITH_AIXAUTHENTICATE
 # define CUSTOM_SYS_AUTH_PASSWD 1
 # define CUSTOM_SYS_AUTH_ALLOWED_USER 1
-int sys_auth_allowed_user(struct passwd *, Buffer *);
+int sys_auth_allowed_user(struct passwd *, struct sshbuf *);
 # define CUSTOM_SYS_AUTH_RECORD_LOGIN 1
-int sys_auth_record_login(const char *, const char *, const char *, Buffer *);
+int sys_auth_record_login(const char *, const char *,
+    const char *, struct sshbuf *);
 # define CUSTOM_SYS_AUTH_GET_LASTLOGIN_MSG
 char *sys_auth_get_lastlogin_msg(const char *, uid_t);
 # define CUSTOM_FAILED_LOGIN 1
diff --git a/openbsd-compat/port-uw.c b/openbsd-compat/port-uw.c
index 014cac264b159..9edb1b4811518 100644
--- a/openbsd-compat/port-uw.c
+++ b/openbsd-compat/port-uw.c
@@ -38,8 +38,6 @@
 
 #include "xmalloc.h"
 #include "packet.h"
-#include "buffer.h"
-#include "key.h"
 #include "auth-options.h"
 #include "log.h"
 #include "misc.h"	/* servconf.h needs misc.h for struct ForwardOptions */
@@ -99,7 +97,7 @@ nischeck(char *namep)
 
 	if ((fd = fopen (password_file, "r")) == NULL) {
 		/*
-		 * If the passwd file has dissapeared we are in a bad state.
+		 * If the passwd file has disappeared we are in a bad state.
 		 * However, returning 0 will send us back through the
 		 * authentication scheme that has checked the ia database for
 		 * passwords earlier.
diff --git a/openbsd-compat/sha2.c b/openbsd-compat/sha2.c
index a22099bbe9702..b55ea30ac7435 100644
--- a/openbsd-compat/sha2.c
+++ b/openbsd-compat/sha2.c
@@ -72,7 +72,7 @@
  * Please make sure that your system defines BYTE_ORDER.  If your
  * architecture is little-endian, make sure it also defines
  * LITTLE_ENDIAN and that the two (BYTE_ORDER and LITTLE_ENDIAN) are
- * equivilent.
+ * equivalent.
  *
  * If your system does not define the above, then you can do so by
  * hand like this:
diff --git a/openbsd-compat/strndup.c b/openbsd-compat/strndup.c
index ebb4eccfb819e..30ac6f04622d3 100644
--- a/openbsd-compat/strndup.c
+++ b/openbsd-compat/strndup.c
@@ -16,7 +16,7 @@
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-#include "config.h"
+#include "includes.h"
 #if !defined(HAVE_STRNDUP) || defined(BROKEN_STRNDUP)
 #include <sys/types.h>
 
diff --git a/openbsd-compat/strnlen.c b/openbsd-compat/strnlen.c
index 8cc6b96b59ce8..7ad3573a62776 100644
--- a/openbsd-compat/strnlen.c
+++ b/openbsd-compat/strnlen.c
@@ -18,7 +18,7 @@
 
 /* OPENBSD ORIGINAL: lib/libc/string/strnlen.c */
 
-#include "config.h"
+#include "includes.h"
 #if !defined(HAVE_STRNLEN) || defined(BROKEN_STRNLEN)
 #include <sys/types.h>
 
diff --git a/openbsd-compat/sys-queue.h b/openbsd-compat/sys-queue.h
index 28aaaa37a8ce5..af93d6814025b 100644
--- a/openbsd-compat/sys-queue.h
+++ b/openbsd-compat/sys-queue.h
@@ -45,6 +45,7 @@
 #undef SLIST_HEAD_INITIALIZER
 #undef SLIST_ENTRY
 #undef SLIST_FOREACH_PREVPTR
+#undef SLIST_FOREACH_SAFE
 #undef SLIST_FIRST
 #undef SLIST_END
 #undef SLIST_EMPTY
@@ -54,6 +55,7 @@
 #undef SLIST_INSERT_AFTER
 #undef SLIST_INSERT_HEAD
 #undef SLIST_REMOVE_HEAD
+#undef SLIST_REMOVE_AFTER
 #undef SLIST_REMOVE
 #undef SLIST_REMOVE_NEXT
 #undef LIST_HEAD
@@ -64,6 +66,7 @@
 #undef LIST_EMPTY
 #undef LIST_NEXT
 #undef LIST_FOREACH
+#undef LIST_FOREACH_SAFE
 #undef LIST_INIT
 #undef LIST_INSERT_AFTER
 #undef LIST_INSERT_BEFORE
@@ -94,6 +97,8 @@
 #undef TAILQ_EMPTY
 #undef TAILQ_FOREACH
 #undef TAILQ_FOREACH_REVERSE
+#undef TAILQ_FOREACH_SAFE
+#undef TAILQ_FOREACH_REVERSE_SAFE
 #undef TAILQ_INIT
 #undef TAILQ_INSERT_HEAD
 #undef TAILQ_INSERT_TAIL