===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/Attic/bufaux.c,v
retrieving revision 1.46
retrieving revision 1.51
diff -u -r1.46 -r1.51
--- src/usr.bin/ssh/Attic/bufaux.c	2008/06/10 23:21:34	1.46
+++ src/usr.bin/ssh/Attic/bufaux.c	2013/05/17 00:13:13	1.51
@@ -1,4 +1,4 @@
-/* $OpenBSD: bufaux.c,v 1.46 2008/06/10 23:21:34 dtucker Exp $ */
+/* $OpenBSD: bufaux.c,v 1.51 2013/05/17 00:13:13 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -82,7 +82,8 @@
 
 	if (buffer_get_ret(buffer, (char *) buf, 4) == -1)
 		return (-1);
-	*ret = get_u32(buf);
+	if (ret != NULL)
+		*ret = get_u32(buf);
 	return (0);
 }
 
@@ -104,7 +105,8 @@
 
 	if (buffer_get_ret(buffer, (char *) buf, 8) == -1)
 		return (-1);
-	*ret = get_u64(buf);
+	if (ret != NULL)
+		*ret = get_u64(buf);
 	return (0);
 }
 
@@ -164,7 +166,10 @@
 	u_int len;
 
 	/* Get the length. */
-	len = buffer_get_int(buffer);
+	if (buffer_get_int_ret(&len, buffer) != 0) {
+		error("buffer_get_string_ret: cannot extract length");
+		return (NULL);
+	}
 	if (len > 256 * 1024) {
 		error("buffer_get_string_ret: bad string length %u", len);
 		return (NULL);
@@ -174,7 +179,7 @@
 	/* Get the string. */
 	if (buffer_get_ret(buffer, value, len) == -1) {
 		error("buffer_get_string_ret: buffer_get failed");
-		xfree(value);
+		free(value);
 		return (NULL);
 	}
 	/* Append a null character to make processing easier. */
@@ -195,20 +200,66 @@
 	return (ret);
 }
 
+char *
+buffer_get_cstring_ret(Buffer *buffer, u_int *length_ptr)
+{
+	u_int length;
+	char *cp, *ret = buffer_get_string_ret(buffer, &length);
+
+	if (ret == NULL)
+		return NULL;
+	if ((cp = memchr(ret, '\0', length)) != NULL) {
+		/* XXX allow \0 at end-of-string for a while, remove later */
+		if (cp == ret + length - 1)
+			error("buffer_get_cstring_ret: string contains \\0");
+		else {
+			bzero(ret, length);
+			free(ret);
+			return NULL;
+		}
+	}
+	if (length_ptr != NULL)
+		*length_ptr = length;
+	return ret;
+}
+
+char *
+buffer_get_cstring(Buffer *buffer, u_int *length_ptr)
+{
+	char *ret;
+
+	if ((ret = buffer_get_cstring_ret(buffer, length_ptr)) == NULL)
+		fatal("buffer_get_cstring: buffer error");
+	return ret;
+}
+
 void *
-buffer_get_string_ptr(Buffer *buffer, u_int *length_ptr)
+buffer_get_string_ptr_ret(Buffer *buffer, u_int *length_ptr)
 {
 	void *ptr;
 	u_int len;
 
-	len = buffer_get_int(buffer);
-	if (len > 256 * 1024)
-		fatal("buffer_get_string_ptr: bad string length %u", len);
+	if (buffer_get_int_ret(&len, buffer) != 0)
+		return NULL;
+	if (len > 256 * 1024) {
+		error("buffer_get_string_ptr: bad string length %u", len);
+		return NULL;
+	}
 	ptr = buffer_ptr(buffer);
 	buffer_consume(buffer, len);
 	if (length_ptr)
 		*length_ptr = len;
 	return (ptr);
+}
+
+void *
+buffer_get_string_ptr(Buffer *buffer, u_int *length_ptr)
+{
+	void *ret;
+
+	if ((ret = buffer_get_string_ptr_ret(buffer, length_ptr)) == NULL)
+		fatal("buffer_get_string_ptr: buffer error");
+	return (ret);
 }
 
 /*