+ else
+ error("Host key %s blacklisted (see "
+ "ssh-vulnkey(1))", fp);
-+ xfree(fp);
++ free(fp);
+ if (!options.permit_blacklisted_keys) {
+ sensitive_data.host_keys[i] = NULL;
+ continue;
+ }
+ }
+ pubkey = key_load_public(options.host_key_files[i], NULL);
sensitive_data.host_keys[i] = key;
- if (key == NULL) {
- error("Could not load host key: %s",
+ sensitive_data.host_pubkeys[i] = pubkey;
--- openssh-4.7p1.orig/servconf.c
+++ openssh-4.7p1/servconf.c
@@ -96,6 +96,7 @@
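Review bot: On the refusal path of the host-key block, `sensitive_data.host_keys[i] = NULL; continue;` drops the only visible reference to the private key held in `key`, and no release of it appears in these lines. If nothing earlier in the loop frees it, add `key_free(key);` before the `continue`, so a rejected private key does not stay allocated for the life of the daemon. The loop and the call that loads `key` start outside this hunk, so this should be checked against the full function.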
# test driver for the loginrec code - not built by default
logintest: logintest.o $(LIBCOMPAT) libssh.a loginrec.o
$(LD) -o $@ logintest.o $(LDFLAGS) loginrec.o -lopenbsd-compat -lssh $(LIBS)
-@@ -271,6 +271,7 @@
+@@ -271,6 +274,7 @@
$(INSTALL) -m 0755 $(STRIP_OPT) ssh-pkcs11-helper$(EXEEXT) $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT)
$(INSTALL) -m 0755 $(STRIP_OPT) sftp$(EXEEXT) $(DESTDIR)$(bindir)/sftp$(EXEEXT)
$(INSTALL) -m 0755 $(STRIP_OPT) sftp-server$(EXEEXT) $(DESTDIR)$(SFTP_SERVER)$(EXEEXT)
$(INSTALL) -m 644 ssh.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1
$(INSTALL) -m 644 scp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/scp.1
$(INSTALL) -m 644 ssh-add.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-add.1
-@@ -289,6 +289,7 @@
+@@ -289,6 +293,7 @@
$(INSTALL) -m 644 sftp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/sftp.1
$(INSTALL) -m 644 sftp-server.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8
$(INSTALL) -m 644 ssh-keysign.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8
+ else
+ logit("Public key %s blacklisted (see "
+ "ssh-vulnkey(1))", fp);
-+ xfree(fp);
++ free(fp);
+ if (!options.permit_blacklisted_keys)
+ return 0;
+ }
#include "auth.h"
#include "canohost.h"
#ifdef GSSAPI
-@@ -147,6 +147,19 @@
+@@ -147,6 +148,19 @@
int len;
char *fp;
+ else
+ logit("Public key %s blacklisted (see "
+ "ssh-vulnkey(1))", fp);
-+ xfree(fp);
++ free(fp);
+ if (!options.permit_blacklisted_keys)
+ return 0;
+ }
+
+out:
+ if (dgst_packed)
-+ xfree(dgst_packed);
++ free(dgst_packed);
+ if (dgst_hex)
-+ xfree(dgst_hex);
++ free(dgst_hex);
+ if (fd >= 0)
+ close(fd);
-+ xfree(blacklist_file);
++ free(blacklist_file);
+ return ret;
+}
--- openssh-4.7p1.orig/ssh-vulnkey.c
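Review bot: The NULL guards in the `out:` cleanup are redundant now that `xfree()` is replaced by `free()`, because `free(NULL)` is a no-op. `if (dgst_packed) free(dgst_packed);` and `if (dgst_hex) free(dgst_hex);` can become plain `free(dgst_packed);` and `free(dgst_hex);`. The same applies to `if (comment) free(comment);` in the later hunk that ends with `return ret;`. The function that owns the `out:` label starts outside this hunk.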
+ fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
+ if (!quiet)
+ printf("%s: %u %s %s\n", msg, key_size(key), fp, comment);
-+ xfree(fp);
++ free(fp);
+}
+
+int
+ ret = 0;
+ } else
+ describe_key("Not blacklisted", key, comment);
-+ xfree(blacklist_file);
++ free(blacklist_file);
+
+ return ret;
+}
+ found = 1;
+ }
+ if (comment)
-+ xfree(comment);
++ free(comment);
+ }
+
+ return ret;
+ else
+ logit("Public key %s blacklisted (see "
+ "ssh-vulnkey(1))", fp);
-+ xfree(fp);
++ free(fp);
+ if (!options.permit_blacklisted_keys)
+ continue;
+ }
#ifndef _PATH_SSH_PROGRAM
#define _PATH_SSH_PROGRAM "/usr/bin/ssh"
#endif
---- openssh-4.7p1.orig/auth2-pubkey.c
-+++ openssh-4.7p1/auth2-pubkey.c
+--- openssh-5.9p1/auth2-pubkey.c~ 2011-09-29 00:36:17.000000000 +0300
++++ openssh-5.9p1/auth2-pubkey.c 2011-09-29 00:37:17.847762648 +0300
@@ -42,6 +42,7 @@
#include "compat.h"
#include "key.h"
#include "auth.h"
#include "pathnames.h"
#include "uidswap.h"
-@@ -269,9 +270,23 @@
- int
- user_key_allowed(struct passwd *pw, Key *key)
+@@ -608,6 +609,20 @@
{
-+ char *fp;
u_int success, i;
char *file;
-
++ char *fp;
++
+ if (blacklisted_key(key)) {
+ fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
+ if (options.permit_blacklisted_keys)
+ logit("Public key %s blacklisted (see "
-+ "ssh-vulnkey(1)); continuing anyway", fp);
++ "ssh-vulnkey(1)); continuing anyway", fp);
+ else
+ logit("Public key %s blacklisted (see "
-+ "ssh-vulnkey(1))", fp);
-+ xfree(fp);
++ "ssh-vulnkey(1))", fp);
++ free(fp);
+ if (!options.permit_blacklisted_keys)
+ return 0;
+ }
-+
+
if (auth_key_is_revoked(key))
return 0;
- if (key_is_cert(key) && auth_key_is_revoked(key->cert->signature_key))
+
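Review bot: The blacklist test added at the top of the function covers only `key`, while the context line dropped from the old hunk suggests the same function also checks `key->cert->signature_key` for certificate keys. Unless `blacklisted_key()` itself inspects the signing key (not visible here), a certificate issued by a blacklisted CA key would pass this check. Consider adding `if (key_is_cert(key) && blacklisted_key(key->cert->signature_key))` with the same logging and the same `options.permit_blacklisted_keys` handling. The function body continues outside the hunk.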