===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/Attic/bufaux.c,v
retrieving revision 1.47
retrieving revision 1.52
diff -u -r1.47 -r1.52
--- src/usr.bin/ssh/Attic/bufaux.c	2010/01/12 01:36:08	1.47
+++ src/usr.bin/ssh/Attic/bufaux.c	2013/07/12 00:19:58	1.52
@@ -1,4 +1,4 @@
-/* $OpenBSD: bufaux.c,v 1.47 2010/01/12 01:36:08 djm Exp $ */
+/* $OpenBSD: bufaux.c,v 1.52 2013/07/12 00:19:58 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -82,7 +82,8 @@
 
 	if (buffer_get_ret(buffer, (char *) buf, 4) == -1)
 		return (-1);
-	*ret = get_u32(buf);
+	if (ret != NULL)
+		*ret = get_u32(buf);
 	return (0);
 }
 
@@ -104,7 +105,8 @@
 
 	if (buffer_get_ret(buffer, (char *) buf, 8) == -1)
 		return (-1);
-	*ret = get_u64(buf);
+	if (ret != NULL)
+		*ret = get_u64(buf);
 	return (0);
 }
 
@@ -164,7 +166,10 @@
 	u_int len;
 
 	/* Get the length. */
-	len = buffer_get_int(buffer);
+	if (buffer_get_int_ret(&len, buffer) != 0) {
+		error("buffer_get_string_ret: cannot extract length");
+		return (NULL);
+	}
 	if (len > 256 * 1024) {
 		error("buffer_get_string_ret: bad string length %u", len);
 		return (NULL);
@@ -174,7 +179,7 @@
 	/* Get the string. */
 	if (buffer_get_ret(buffer, value, len) == -1) {
 		error("buffer_get_string_ret: buffer_get failed");
-		xfree(value);
+		free(value);
 		return (NULL);
 	}
 	/* Append a null character to make processing easier. */
@@ -195,6 +200,39 @@
 	return (ret);
 }
 
+char *
+buffer_get_cstring_ret(Buffer *buffer, u_int *length_ptr)
+{
+	u_int length;
+	char *cp, *ret = buffer_get_string_ret(buffer, &length);
+
+	if (ret == NULL)
+		return NULL;
+	if ((cp = memchr(ret, '\0', length)) != NULL) {
+		/* XXX allow \0 at end-of-string for a while, remove later */
+		if (cp == ret + length - 1)
+			error("buffer_get_cstring_ret: string contains \\0");
+		else {
+			bzero(ret, length);
+			free(ret);
+			return NULL;
+		}
+	}
+	if (length_ptr != NULL)
+		*length_ptr = length;
+	return ret;
+}
+
+char *
+buffer_get_cstring(Buffer *buffer, u_int *length_ptr)
+{
+	char *ret;
+
+	if ((ret = buffer_get_cstring_ret(buffer, length_ptr)) == NULL)
+		fatal("buffer_get_cstring: buffer error");
+	return ret;
+}
+
 void *
 buffer_get_string_ptr_ret(Buffer *buffer, u_int *length_ptr)
 {
@@ -245,7 +283,7 @@
  * Returns a character from the buffer (0 - 255).
  */
 int
-buffer_get_char_ret(char *ret, Buffer *buffer)
+buffer_get_char_ret(u_char *ret, Buffer *buffer)
 {
 	if (buffer_get_ret(buffer, ret, 1) == -1) {
 		error("buffer_get_char_ret: buffer_get_ret failed");
@@ -257,11 +295,11 @@
 int
 buffer_get_char(Buffer *buffer)
 {
-	char ch;
+	u_char ch;
 
 	if (buffer_get_char_ret(&ch, buffer) == -1)
 		fatal("buffer_get_char: buffer error");
-	return (u_char) ch;
+	return ch;
 }
 
 /*