===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/auth2-chall.c,v
retrieving revision 1.24
retrieving revision 1.24.2.1
diff -u -r1.24 -r1.24.2.1
--- src/usr.bin/ssh/auth2-chall.c	2005/07/17 07:17:54	1.24
+++ src/usr.bin/ssh/auth2-chall.c	2006/10/06 03:19:32	1.24.2.1
@@ -1,3 +1,4 @@
+/* $OpenBSD: auth2-chall.c,v 1.24.2.1 2006/10/06 03:19:32 brad Exp $ */
 /*
  * Copyright (c) 2001 Markus Friedl.  All rights reserved.
  * Copyright (c) 2001 Per Allansson.  All rights reserved.
@@ -22,14 +23,19 @@
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
-#include "includes.h"
-RCSID("$OpenBSD: auth2-chall.c,v 1.24 2005/07/17 07:17:54 djm Exp $");
 
+#include <sys/types.h>
+
+#include <stdio.h>
+#include <string.h>
+
+#include "xmalloc.h"
 #include "ssh2.h"
+#include "key.h"
+#include "hostfile.h"
 #include "auth.h"
 #include "buffer.h"
 #include "packet.h"
-#include "xmalloc.h"
 #include "dispatch.h"
 #include "log.h"
 
@@ -261,7 +267,7 @@
 	if (nresp > 100)
 		fatal("input_userauth_info_response: too many replies");
 	if (nresp > 0) {
-		response = xmalloc(nresp * sizeof(char *));
+		response = xcalloc(nresp, sizeof(char *));
 		for (i = 0; i < nresp; i++)
 			response[i] = packet_get_string(NULL);
 	}
@@ -315,9 +321,10 @@
 {
 #ifdef BSD_AUTH
 	extern KbdintDevice mm_bsdauth_device;
-#endif
+#else
 #ifdef SKEY
 	extern KbdintDevice mm_skey_device;
+#endif
 #endif
 	/* As long as SSHv1 has devices[0] hard coded this is fine */
 #ifdef BSD_AUTH