===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/auth-rhosts.c,v
retrieving revision 1.28.4.2
retrieving revision 1.29
diff -u -r1.28.4.2 -r1.29
--- src/usr.bin/ssh/auth-rhosts.c	2004/03/04 18:18:15	1.28.4.2
+++ src/usr.bin/ssh/auth-rhosts.c	2003/04/08 20:21:28	1.29
@@ -14,7 +14,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth-rhosts.c,v 1.28.4.2 2004/03/04 18:18:15 brad Exp $");
+RCSID("$OpenBSD: auth-rhosts.c,v 1.29 2003/04/08 20:21:28 itojun Exp $");
 
 #include "packet.h"
 #include "uidswap.h"
@@ -68,8 +68,7 @@
 		 * This should be safe because each buffer is as big as the
 		 * whole string, and thus cannot be overwritten.
 		 */
-		switch (sscanf(buf, "%1023s %1023s %1023s", hostbuf, userbuf,
-		    dummy)) {
+		switch (sscanf(buf, "%s %s %s", hostbuf, userbuf, dummy)) {
 		case 0:
 			auth_debug_add("Found empty line in %.100s.", filename);
 			continue;
@@ -156,7 +155,7 @@
 {
 	const char *hostname, *ipaddr;
 
-	hostname = get_canonical_hostname(options.use_dns);
+	hostname = get_canonical_hostname(options.verify_reverse_mapping);
 	ipaddr = get_remote_ipaddr();
 	return auth_rhosts2(pw, client_user, hostname, ipaddr);
 }
@@ -172,6 +171,10 @@
 
 	debug2("auth_rhosts2: clientuser %s hostname %s ipaddr %s",
 	    client_user, hostname, ipaddr);
+
+	/* no user given */
+	if (pw == NULL)
+		return 0;
 
 	/* Switch to the user's uid. */
 	temporarily_use_uid(pw);