===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/Attic/sshconnect1.c,v
retrieving revision 1.24
retrieving revision 1.25
diff -u -r1.24 -r1.25
--- src/usr.bin/ssh/Attic/sshconnect1.c	2001/02/08 19:30:52	1.24
+++ src/usr.bin/ssh/Attic/sshconnect1.c	2001/02/08 23:11:43	1.25
@@ -13,7 +13,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect1.c,v 1.24 2001/02/08 19:30:52 itojun Exp $");
+RCSID("$OpenBSD: sshconnect1.c,v 1.25 2001/02/08 23:11:43 dugsong Exp $");
 
 #include <openssl/bn.h>
 #include <openssl/evp.h>
@@ -51,6 +51,20 @@
 extern Options options;
 extern char *__progname;
 
+void
+ssh1_put_password(char *password)
+{
+	int size;
+	char *padded;
+
+	size = roundup(strlen(password), 32);
+	padded = xmalloc(size);
+	strlcpy(padded, password, size);
+	packet_put_string(padded, size);
+	memset(padded, 0, size);
+	xfree(padded);
+}
+
 /*
  * Checks if the user has an authentication agent, and if so, tries to
  * authenticate using the agent.
@@ -658,7 +672,7 @@
 			break;
 		}
 		packet_start(SSH_CMSG_AUTH_TIS_RESPONSE);
-		packet_put_string(response, strlen(response));
+		ssh1_put_password(response);
 		memset(response, 0, strlen(response));
 		xfree(response);
 		packet_send();
@@ -691,7 +705,7 @@
 			error("Permission denied, please try again.");
 		password = read_passphrase(prompt, 0);
 		packet_start(SSH_CMSG_AUTH_PASSWORD);
-		packet_put_string(password, strlen(password));
+		ssh1_put_password(password);
 		memset(password, 0, strlen(password));
 		xfree(password);
 		packet_send();