===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/ssh-keyscan.c,v
retrieving revision 1.55.2.3
retrieving revision 1.56
diff -u -r1.55.2.3 -r1.56
--- src/usr.bin/ssh/ssh-keyscan.c	2006/11/08 00:44:05	1.55.2.3
+++ src/usr.bin/ssh/ssh-keyscan.c	2005/09/13 23:40:07	1.56
@@ -1,4 +1,3 @@
-/* $OpenBSD: ssh-keyscan.c,v 1.55.2.3 2006/11/08 00:44:05 brad Exp $ */
 /*
  * Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
  *
@@ -7,35 +6,26 @@
  * OpenBSD project by leaving this copyright notice intact.
  */
 
-#include <sys/types.h>
-#include <sys/socket.h>
+#include "includes.h"
+RCSID("$OpenBSD: ssh-keyscan.c,v 1.56 2005/09/13 23:40:07 djm Exp $");
+
 #include <sys/queue.h>
-#include <sys/time.h>
-#include <sys/resource.h>
+#include <errno.h>
 
 #include <openssl/bn.h>
 
-#include <errno.h>
-#include <netdb.h>
 #include <setjmp.h>
-#include <stdarg.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <signal.h>
-#include <string.h>
-#include <unistd.h>
-
 #include "xmalloc.h"
 #include "ssh.h"
 #include "ssh1.h"
-#include "buffer.h"
 #include "key.h"
-#include "cipher.h"
 #include "kex.h"
 #include "compat.h"
 #include "myproposal.h"
 #include "packet.h"
 #include "dispatch.h"
+#include "buffer.h"
+#include "bufaux.h"
 #include "log.h"
 #include "atomicio.h"
 #include "misc.h"
@@ -65,7 +55,7 @@
 
 extern char *__progname;
 fd_set *read_wait;
-size_t read_wait_nfdset;
+size_t read_wait_size;
 int ncon;
 int nonfatal_fatal = 0;
 jmp_buf kexjmp;
@@ -139,7 +129,7 @@
 		lb->stream = stdin;
 	}
 
-	if (!(lb->buf = malloc((lb->size = LINEBUF_SIZE)))) {
+	if (!(lb->buf = malloc(lb->size = LINEBUF_SIZE))) {
 		if (errfun)
 			(*errfun) ("linebuf (%s): malloc failed\n", lb->filename);
 		xfree(lb);
@@ -351,7 +341,6 @@
 	c->c_kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client;
 	c->c_kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client;
 	c->c_kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;
-	c->c_kex->kex[KEX_DH_GEX_SHA256] = kexgex_client;
 	c->c_kex->verify_host_key = hostjump;
 
 	if (!(j = setjmp(kexjmp))) {
@@ -501,18 +490,12 @@
 	size_t bufsiz;
 	con *c = &fdcon[s];
 
-	for (;;) {
-		memset(buf, '\0', sizeof(buf));
-		bufsiz = sizeof(buf);
-		cp = buf;
-		while (bufsiz-- &&
-		    (n = atomicio(read, s, cp, 1)) == 1 && *cp != '\n') {
-			if (*cp == '\r')
-				*cp = '\n';
-			cp++;
-		}
-		if (n != 1 || strncmp(buf, "SSH-", 4) == 0)
-			break;
+	bufsiz = sizeof(buf);
+	cp = buf;
+	while (bufsiz-- && (n = atomicio(read, s, cp, 1)) == 1 && *cp != '\n') {
+		if (*cp == '\r')
+			*cp = '\n';
+		cp++;
 	}
 	if (n == 0) {
 		switch (errno) {
@@ -604,6 +587,7 @@
 			keyprint(c, keygrab_ssh1(c));
 			confree(s);
 			return;
+			break;
 		default:
 			fatal("conread: invalid status %d", c->c_status);
 			break;
@@ -635,10 +619,10 @@
 	} else
 		seltime.tv_sec = seltime.tv_usec = 0;
 
-	r = xcalloc(read_wait_nfdset, sizeof(fd_mask));
-	e = xcalloc(read_wait_nfdset, sizeof(fd_mask));
-	memcpy(r, read_wait, read_wait_nfdset * sizeof(fd_mask));
-	memcpy(e, read_wait, read_wait_nfdset * sizeof(fd_mask));
+	r = xmalloc(read_wait_size);
+	memcpy(r, read_wait, read_wait_size);
+	e = xmalloc(read_wait_size);
+	memcpy(e, read_wait, read_wait_size);
 
 	while (select(maxfd, r, NULL, e, &seltime) == -1 &&
 	    (errno == EAGAIN || errno == EINTR))
@@ -802,10 +786,12 @@
 		fatal("%s: not enough file descriptors", __progname);
 	if (maxfd > fdlim_get(0))
 		fdlim_set(maxfd);
-	fdcon = xcalloc(maxfd, sizeof(con));
+	fdcon = xmalloc(maxfd * sizeof(con));
+	memset(fdcon, 0, maxfd * sizeof(con));
 
-	read_wait_nfdset = howmany(maxfd, NFDBITS);
-	read_wait = xcalloc(read_wait_nfdset, sizeof(fd_mask));
+	read_wait_size = howmany(maxfd, NFDBITS) * sizeof(fd_mask);
+	read_wait = xmalloc(read_wait_size);
+	memset(read_wait, 0, read_wait_size);
 
 	if (fopt_count) {
 		Linebuf *lb;