===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/canohost.c,v
retrieving revision 1.42.2.2
retrieving revision 1.43
diff -u -r1.42.2.2 -r1.43
--- src/usr.bin/ssh/canohost.c	2006/02/03 02:53:44	1.42.2.2
+++ src/usr.bin/ssh/canohost.c	2005/06/16 08:00:00	1.43
@@ -12,7 +12,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: canohost.c,v 1.42.2.2 2006/02/03 02:53:44 brad Exp $");
+RCSID("$OpenBSD: canohost.c,v 1.43 2005/06/16 08:00:00 markus Exp $");
 
 #include "packet.h"
 #include "xmalloc.h"
@@ -43,13 +43,13 @@
 		cleanup_exit(255);
 	}
 
+	if (from.ss_family == AF_INET)
+		check_ip_options(sock, ntop);
+
 	if (getnameinfo((struct sockaddr *)&from, fromlen, ntop, sizeof(ntop),
 	    NULL, 0, NI_NUMERICHOST) != 0)
 		fatal("get_remote_hostname: getnameinfo NI_NUMERICHOST failed");
 
-	if (from.ss_family == AF_INET)
-		check_ip_options(sock, ntop);
-
 	if (!use_dns)
 		return xstrdup(ntop);
 
@@ -97,7 +97,7 @@
 	hints.ai_socktype = SOCK_STREAM;
 	if (getaddrinfo(name, NULL, &hints, &aitop) != 0) {
 		logit("reverse mapping checking getaddrinfo for %.700s "
-		    "failed - POSSIBLE BREAK-IN ATTEMPT!", name);
+		    "failed - POSSIBLE BREAKIN ATTEMPT!", name);
 		return xstrdup(ntop);
 	}
 	/* Look for the address from the list of addresses. */
@@ -112,7 +112,7 @@
 	if (!ai) {
 		/* Address not found for the host name. */
 		logit("Address %.100s maps to %.600s, but this does not "
-		    "map back to the address - POSSIBLE BREAK-IN ATTEMPT!",
+		    "map back to the address - POSSIBLE BREAKIN ATTEMPT!",
 		    ntop, name);
 		return xstrdup(ntop);
 	}
@@ -137,8 +137,7 @@
 	u_char options[200];
 	char text[sizeof(options) * 3 + 1];
 	socklen_t option_size;
-	u_int i;
-	int ipproto;
+	int i, ipproto;
 	struct protoent *ip;
 
 	if ((ip = getprotobyname("ip")) != NULL)
@@ -152,8 +151,10 @@
 		for (i = 0; i < option_size; i++)
 			snprintf(text + i*3, sizeof(text) - i*3,
 			    " %2.2x", options[i]);
-		fatal("Connection from %.100s with IP options:%.800s",
+		logit("Connection from %.100s with IP options:%.800s",
 		    ipaddr, text);
+		packet_disconnect("Connection from %.100s with IP options:%.800s",
+		    ipaddr, text);
 	}
 }
 
@@ -166,27 +167,26 @@
 const char *
 get_canonical_hostname(int use_dns)
 {
-	char *host;
 	static char *canonical_host_name = NULL;
-	static char *remote_ip = NULL;
+	static int use_dns_done = 0;
 
 	/* Check if we have previously retrieved name with same option. */
-	if (use_dns && canonical_host_name != NULL)
-		return canonical_host_name;
-	if (!use_dns && remote_ip != NULL)
-		return remote_ip;
+	if (canonical_host_name != NULL) {
+		if (use_dns_done != use_dns)
+			xfree(canonical_host_name);
+		else
+			return canonical_host_name;
+	}
 
 	/* Get the real hostname if socket; otherwise return UNKNOWN. */
 	if (packet_connection_is_on_socket())
-		host = get_remote_hostname(packet_get_connection_in(), use_dns);
+		canonical_host_name = get_remote_hostname(
+		    packet_get_connection_in(), use_dns);
 	else
-		host = "UNKNOWN";
+		canonical_host_name = xstrdup("UNKNOWN");
 
-	if (use_dns)
-		canonical_host_name = host;
-	else
-		remote_ip = host;
-	return host;
+	use_dns_done = use_dns;
+	return canonical_host_name;
 }
 
 /*