Mercurial > dropbear

changeset 1286:7d02b83c61fd coverity

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
merge
author Matt Johnston <matt@ucc.asn.au>
date Fri, 18 Mar 2016 22:47:33 +0800
parents 770e14154da3 (current diff) 309e1c4a8768 (diff)
children 10e2a7727253
files .travis.yml
diffstat 52 files changed, 237 insertions(+), 207 deletions(-) [+]
line wrap: on
line diff
--- a/CHANGES	Tue Mar 15 23:20:40 2016 +0800
+++ b/CHANGES	Fri Mar 18 22:47:33 2016 +0800
@@ -1,4 +1,4 @@
-- Fix crash when fallback initshells() is used, reported by Michael Nowak and Mike Tzou
+2016.73 - 18 March 2016
 
 - Support syslog in dbclient, option -o usesyslog=yes. Patch from Konstantin Tokarev
 
@@ -9,18 +9,29 @@
 - New "-o" option parsing from Konstantin Tokarev. This allows handling some extra options
   in the style of OpenSSH, though implementing all OpenSSH options is not planned.
 
-- Various cleanups for issues found by a lint tool, patch from Francois Perrad
+- Fix crash when fallback initshells() is used, reported by Michael Nowak and Mike Tzou
 
 - Allow specifying commands eg "dropbearmulti dbclient ..." instead of symlinks
 
+- Various cleanups for issues found by a lint tool, patch from Francois Perrad
+
 - Fix tab indent consistency, patch from Francois Perrad
 
 - Fix issues found by cppcheck, reported by Mike Tzou
 
+- Use system memset_s() or explicit_bzero() if available to clear memory. Also make
+  libtomcrypt/libtommath routines use that (or Dropbear's own m_burn()).
+
+- Prevent scp failing when the local user doesn't exist. Based on patch from Michael Witten.
+
+- Improved Travis CI test running, thanks to Mike Tzou
+
+- Improve some code that was flagged by Coverity and Fortify Static Code Analyzer
+
 2016.72 - 9 March 2016
 
 - Validate X11 forwarding input. Could allow bypass of authorized_keys command= restrictions,
-  found by github.com/tintinweb. Thanks for Damien Miller for a patch.
+  found by github.com/tintinweb. Thanks for Damien Miller for a patch. CVE-2016-3116
 
 2015.71 - 3 December 2015
 
--- a/Makefile.in	Tue Mar 15 23:20:40 2016 +0800
+++ b/Makefile.in	Fri Mar 18 22:47:33 2016 +0800
@@ -24,7 +24,7 @@
 LIBTOM_LIBS=$(STATIC_LTC) $(STATIC_LTM) 
 endif
 
-COMMONOBJS=dbutil.o buffer.o \
+COMMONOBJS=dbutil.o buffer.o dbhelpers.o \
 		dss.o bignum.o \
 		signkey.o rsa.o dbrandom.o \
 		queue.o \
--- a/atomicio.c	Tue Mar 15 23:20:40 2016 +0800
+++ b/atomicio.c	Fri Mar 18 22:47:33 2016 +0800
@@ -53,6 +53,7 @@
 			if (errno == EINTR || errno == EAGAIN)
 #endif
 				continue;
+			/* FALLTHROUGH */
 		case 0:
 			return (res);
 		default:
--- a/auth.h	Tue Mar 15 23:20:40 2016 +0800
+++ b/auth.h	Fri Mar 18 22:47:33 2016 +0800
@@ -29,25 +29,25 @@
 #include "signkey.h"
 #include "chansession.h"
 
-void svr_authinitialise();
-void cli_authinitialise();
+void svr_authinitialise(void);
+void cli_authinitialise(void);
 
 /* Server functions */
-void recv_msg_userauth_request();
+void recv_msg_userauth_request(void);
 void send_msg_userauth_failure(int partial, int incrfail);
-void send_msg_userauth_success();
+void send_msg_userauth_success(void);
 void send_msg_userauth_banner(buffer *msg);
-void svr_auth_password();
-void svr_auth_pubkey();
-void svr_auth_pam();
+void svr_auth_password(void);
+void svr_auth_pubkey(void);
+void svr_auth_pam(void);
 
 #ifdef ENABLE_SVR_PUBKEY_OPTIONS
-int svr_pubkey_allows_agentfwd();
-int svr_pubkey_allows_tcpfwd();
-int svr_pubkey_allows_x11fwd();
-int svr_pubkey_allows_pty();
+int svr_pubkey_allows_agentfwd(void);
+int svr_pubkey_allows_tcpfwd(void);
+int svr_pubkey_allows_x11fwd(void);
+int svr_pubkey_allows_pty(void);
 void svr_pubkey_set_forced_command(struct ChanSess *chansess);
-void svr_pubkey_options_cleanup();
+void svr_pubkey_options_cleanup(void);
 int svr_add_pubkey_options(buffer *options_buf, int line_num, const char* filename);
 #else
 /* no option : success */
@@ -56,34 +56,34 @@
 #define svr_pubkey_allows_x11fwd() 1
 #define svr_pubkey_allows_pty() 1
 static inline void svr_pubkey_set_forced_command(struct ChanSess *chansess) { }
-static inline void svr_pubkey_options_cleanup() { }
+static inline void svr_pubkey_options_cleanup(void) { }
 #define svr_add_pubkey_options(x,y,z) DROPBEAR_SUCCESS
 #endif
 
 /* Client functions */
-void recv_msg_userauth_failure();
-void recv_msg_userauth_success();
-void recv_msg_userauth_specific_60();
-void recv_msg_userauth_pk_ok();
-void recv_msg_userauth_info_request();
-void cli_get_user();
-void cli_auth_getmethods();
-int cli_auth_try();
-void recv_msg_userauth_banner();
-void cli_pubkeyfail();
-void cli_auth_password();
-int cli_auth_pubkey();
-void cli_auth_interactive();
+void recv_msg_userauth_failure(void);
+void recv_msg_userauth_success(void);
+void recv_msg_userauth_specific_60(void);
+void recv_msg_userauth_pk_ok(void);
+void recv_msg_userauth_info_request(void);
+void cli_get_user(void);
+void cli_auth_getmethods(void);
+int cli_auth_try(void);
+void recv_msg_userauth_banner(void);
+void cli_pubkeyfail(void);
+void cli_auth_password(void);
+int cli_auth_pubkey(void);
+void cli_auth_interactive(void);
 char* getpass_or_cancel(char* prompt);
-void cli_auth_pubkey_cleanup();
+void cli_auth_pubkey_cleanup(void);
 
 
 #define MAX_USERNAME_LEN 25 /* arbitrary for the moment */
 
 #define AUTH_TYPE_NONE      1
-#define AUTH_TYPE_PUBKEY    1 << 1
-#define AUTH_TYPE_PASSWORD  1 << 2
-#define AUTH_TYPE_INTERACT  1 << 3
+#define AUTH_TYPE_PUBKEY    (1 << 1)
+#define AUTH_TYPE_PASSWORD  (1 << 2)
+#define AUTH_TYPE_INTERACT  (1 << 3)
 
 #define AUTH_METHOD_NONE "none"
 #define AUTH_METHOD_NONE_LEN 4
--- a/bignum.h	Tue Mar 15 23:20:40 2016 +0800
+++ b/bignum.h	Fri Mar 18 22:47:33 2016 +0800
@@ -25,8 +25,7 @@
 #ifndef DROPBEAR_BIGNUM_H_
 #define DROPBEAR_BIGNUM_H_
 
-#include "includes.h"
-#include "dbutil.h"
+#include "dbhelpers.h"
 
 void m_mp_init(mp_int *mp);
 void m_mp_init_multi(mp_int *mp, ...) ATTRIB_SENTINEL;
--- a/channel.h	Tue Mar 15 23:20:40 2016 +0800
+++ b/channel.h	Fri Mar 18 22:47:33 2016 +0800
@@ -105,23 +105,23 @@
 void channel_connect_done(int result, int sock, void* user_data, const char* errstring);
 
 void chaninitialise(const struct ChanType *chantypes[]);
-void chancleanup();
+void chancleanup(void);
 void setchannelfds(fd_set *readfds, fd_set *writefds, int allow_reads);
 void channelio(fd_set *readfd, fd_set *writefd);
-struct Channel* getchannel();
+struct Channel* getchannel(void);
 /* Returns an arbitrary channel that is in a ready state - not
 being initialised and no EOF in either direction. NULL if none. */
-struct Channel* get_any_ready_channel();
+struct Channel* get_any_ready_channel(void);
 
-void recv_msg_channel_open();
-void recv_msg_channel_request();
+void recv_msg_channel_open(void);
+void recv_msg_channel_request(void);
 void send_msg_channel_failure(struct Channel *channel);
 void send_msg_channel_success(struct Channel *channel);
-void recv_msg_channel_data();
-void recv_msg_channel_extended_data();
-void recv_msg_channel_window_adjust();
-void recv_msg_channel_close();
-void recv_msg_channel_eof();
+void recv_msg_channel_data(void);
+void recv_msg_channel_extended_data(void);
+void recv_msg_channel_window_adjust(void);
+void recv_msg_channel_close(void);
+void recv_msg_channel_eof(void);
 
 void common_recv_msg_channel_data(struct Channel *channel, int fd, 
 		circbuffer * buf);
@@ -132,13 +132,13 @@
 
 #if defined(USING_LISTENERS) || defined(DROPBEAR_CLIENT)
 int send_msg_channel_open_init(int fd, const struct ChanType *type);
-void recv_msg_channel_open_confirmation();
-void recv_msg_channel_open_failure();
+void recv_msg_channel_open_confirmation(void);
+void recv_msg_channel_open_failure(void);
 #endif
 void start_send_channel_request(struct Channel *channel, char *type);
 
-void send_msg_request_success();
-void send_msg_request_failure();
+void send_msg_request_success(void);
+void send_msg_request_failure(void);
 
 
 #endif /* DROPBEAR_CHANNEL_H_ */
--- a/chansession.h	Tue Mar 15 23:20:40 2016 +0800
+++ b/chansession.h	Fri Mar 18 22:47:33 2016 +0800
@@ -86,14 +86,14 @@
 
 void addnewvar(const char* param, const char* var);
 
-void cli_send_chansess_request();
-void cli_tty_cleanup();
-void cli_chansess_winchange();
+void cli_send_chansess_request(void);
+void cli_tty_cleanup(void);
+void cli_chansess_winchange(void);
 #ifdef ENABLE_CLI_NETCAT
-void cli_send_netcat_request();
+void cli_send_netcat_request(void);
 #endif
 
-void svr_chansessinitialise();
+void svr_chansessinitialise(void);
 extern const struct ChanType svrchansess;
 
 struct SigMap {
--- a/cli-chansession.c	Tue Mar 15 23:20:40 2016 +0800
+++ b/cli-chansession.c	Fri Mar 18 22:47:33 2016 +0800
@@ -43,7 +43,7 @@
 static void cli_escape_handler(struct Channel *channel, unsigned char* buf, int *len);
 static int cli_init_netcat(struct Channel *channel);
 
-static void cli_tty_setup();
+static void cli_tty_setup(void);
 
 const struct ChanType clichansess = {
 	0, /* sepfds */
@@ -438,7 +438,6 @@
 		case '.':
 			dropbear_exit("Terminated");
 			return 1;
-			break;
 		case 0x1a:
 			/* ctrl-z */
 			cli_tty_cleanup();
@@ -447,9 +446,9 @@
 			cli_tty_setup();
 			cli_ses.winchange = 1;
 			return 1;
-			break;
+		default:
+			return 0;
 	}
-	return 0;
 }
 
 static
--- a/cli-runopts.c	Tue Mar 15 23:20:40 2016 +0800
+++ b/cli-runopts.c	Fri Mar 18 22:47:33 2016 +0800
@@ -33,10 +33,10 @@
 
 cli_runopts cli_opts; /* GLOBAL */
 
-static void printhelp();
+static void printhelp(void);
 static void parse_hostname(const char* orighostarg);
 static void parse_multihop_hostname(const char* orighostarg, const char* argv0);
-static void fill_own_user();
+static void fill_own_user(void);
 #ifdef ENABLE_CLI_PUBKEY_AUTH
 static void loadidentityfile(const char* filename, int warnfail);
 #endif
@@ -315,6 +315,7 @@
 					break;
 				case 'b':
 					next = &dummy;
+					/* FALLTHROUGH */
 				default:
 					fprintf(stderr,
 						"WARNING: Ignoring unknown option -%c\n", c);
--- a/cli-session.c	Tue Mar 15 23:20:40 2016 +0800
+++ b/cli-session.c	Fri Mar 18 22:47:33 2016 +0800
@@ -39,10 +39,10 @@
 #include "crypto_desc.h"
 #include "netio.h"
 
-static void cli_remoteclosed() ATTRIB_NORETURN;
-static void cli_sessionloop();
+static void cli_remoteclosed(void) ATTRIB_NORETURN;
+static void cli_sessionloop(void);
 static void cli_session_init(pid_t proxy_cmd_pid);
-static void cli_finished() ATTRIB_NORETURN;
+static void cli_finished(void) ATTRIB_NORETURN;
 static void recv_msg_service_accept(void);
 static void cli_session_cleanup(void);
 static void recv_msg_global_request_cli(void);
--- a/cli-tcpfwd.c	Tue Mar 15 23:20:40 2016 +0800
+++ b/cli-tcpfwd.c	Fri Mar 18 22:47:33 2016 +0800
@@ -62,7 +62,7 @@
 
 #ifdef ENABLE_CLI_ANYTCPFWD
 static void fwd_failed(const char* format, ...) ATTRIB_PRINTF(1,2);
-void fwd_failed(const char* format, ...)
+static void fwd_failed(const char* format, ...)
 {
 	va_list param;
 	va_start(param, format);
--- a/common-algo.c	Tue Mar 15 23:20:40 2016 +0800
+++ b/common-algo.c	Fri Mar 18 22:47:33 2016 +0800
@@ -265,13 +265,13 @@
  ecc_curve at runtime */
 #ifdef DROPBEAR_ECDH
 #ifdef DROPBEAR_ECC_256
-static struct dropbear_kex kex_ecdh_nistp256 = {DROPBEAR_KEX_ECDH, NULL, 0, &ecc_curve_nistp256, &sha256_desc };
+static const struct dropbear_kex kex_ecdh_nistp256 = {DROPBEAR_KEX_ECDH, NULL, 0, &ecc_curve_nistp256, &sha256_desc };
 #endif
 #ifdef DROPBEAR_ECC_384
-static struct dropbear_kex kex_ecdh_nistp384 = {DROPBEAR_KEX_ECDH, NULL, 0, &ecc_curve_nistp384, &sha384_desc };
+static const struct dropbear_kex kex_ecdh_nistp384 = {DROPBEAR_KEX_ECDH, NULL, 0, &ecc_curve_nistp384, &sha384_desc };
 #endif
 #ifdef DROPBEAR_ECC_521
-static struct dropbear_kex kex_ecdh_nistp521 = {DROPBEAR_KEX_ECDH, NULL, 0, &ecc_curve_nistp521, &sha512_desc };
+static const struct dropbear_kex kex_ecdh_nistp521 = {DROPBEAR_KEX_ECDH, NULL, 0, &ecc_curve_nistp521, &sha512_desc };
 #endif
 #endif /* DROPBEAR_ECDH */
 
--- a/common-kex.c	Tue Mar 15 23:20:40 2016 +0800
+++ b/common-kex.c	Fri Mar 18 22:47:33 2016 +0800
@@ -38,13 +38,13 @@
 #include "ecc.h"
 #include "crypto_desc.h"
 
-static void kexinitialise();
-static void gen_new_keys();
+static void kexinitialise(void);
+static void gen_new_keys(void);
 #ifndef DISABLE_ZLIB
-static void gen_new_zstream_recv();
-static void gen_new_zstream_trans();
+static void gen_new_zstream_recv(void);
+static void gen_new_zstream_trans(void);
 #endif
-static void read_kex_algos();
+static void read_kex_algos(void);
 /* helper function for gen_new_keys */
 static void hashkeys(unsigned char *out, unsigned int outlen, 
 		const hash_state * hs, const unsigned char X);
--- a/common-session.c	Tue Mar 15 23:20:40 2016 +0800
+++ b/common-session.c	Fri Mar 18 22:47:33 2016 +0800
@@ -36,10 +36,10 @@
 #include "runopts.h"
 #include "netio.h"
 
-static void checktimeouts();
-static long select_timeout();
+static void checktimeouts(void);
+static long select_timeout(void);
 static int ident_readln(int fd, char* buf, int count);
-static void read_session_identification();
+static void read_session_identification(void);
 
 struct sshsession ses; /* GLOBAL */
 
--- a/compat.h	Tue Mar 15 23:20:40 2016 +0800
+++ b/compat.h	Fri Mar 18 22:47:33 2016 +0800
@@ -44,9 +44,9 @@
 #endif
 
 #ifndef HAVE_GETUSERSHELL
-char *getusershell();
-void setusershell();
-void endusershell();
+char *getusershell(void);
+void setusershell(void);
+void endusershell(void);
 #endif
 
 #ifndef DROPBEAR_PATH_DEVNULL
--- a/configure.ac	Tue Mar 15 23:20:40 2016 +0800
+++ b/configure.ac	Fri Mar 18 22:47:33 2016 +0800
@@ -375,6 +375,9 @@
 AC_CHECK_HEADERS([mach/mach_time.h])
 AC_CHECK_FUNCS(mach_absolute_time)
 
+AC_CHECK_FUNCS(explicit_bzero memset_s)
+
+
 AC_ARG_ENABLE(bundled-libtom,
 [  --enable-bundled-libtom       Force using bundled libtomcrypt/libtommath even if a system version exists.
   --disable-bundled-libtom      Force using system libtomcrypt/libtommath, fail if it does not exist.
--- a/crypto_desc.h	Tue Mar 15 23:20:40 2016 +0800
+++ b/crypto_desc.h	Fri Mar 18 22:47:33 2016 +0800
@@ -1,7 +1,7 @@
 #ifndef DROPBEAR_CRYPTO_DESC_H
 #define DROPBEAR_CRYPTO_DESC_H
 
-void crypto_init();
+void crypto_init(void);
 
 extern int dropbear_ltc_prng;
 
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/dbhelpers.c	Fri Mar 18 22:47:33 2016 +0800
@@ -0,0 +1,25 @@
+#include "dbhelpers.h"
+#include "includes.h"
+
+/* Erase data */
+void m_burn(void *data, unsigned int len) {
+
+#if defined(HAVE_MEMSET_S)
+	memset_s(data, len, 0x0, len);
+#elif defined(HAVE_EXPLICIT_BZERO)
+	explicit_bzero(data, len);
+#else
+/* Based on the method in David Wheeler's
+ * "Secure Programming for Linux and Unix HOWTO". May not be safe
+ * against link-time optimisation. */
+	volatile char *p = data;
+
+	if (data == NULL)
+		return;
+	while (len--) {
+		*p++ = 0x0;
+	}
+#endif
+}
+
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/dbhelpers.h	Fri Mar 18 22:47:33 2016 +0800
@@ -0,0 +1,21 @@
+#ifndef DROPBEAR_DBHELPERS_H_
+#define DROPBEAR_DBHELPERS_H_
+
+/* This header defines some things that are also used by libtomcrypt/math. 
+   We avoid including normal include.h since that can result in conflicting 
+   definitinos - only include config.h */
+#include "config.h"
+
+#ifdef __GNUC__
+#define ATTRIB_PRINTF(fmt,args) __attribute__((format(printf, fmt, args))) 
+#define ATTRIB_NORETURN __attribute__((noreturn))
+#define ATTRIB_SENTINEL __attribute__((sentinel))
+#else
+#define ATTRIB_PRINTF(fmt,args)
+#define ATTRIB_NORETURN
+#define ATTRIB_SENTINEL
+#endif
+
+void m_burn(void* data, unsigned int len);
+
+#endif /* DROPBEAR_DBHELPERS_H_ */
--- a/dbrandom.c	Tue Mar 15 23:20:40 2016 +0800
+++ b/dbrandom.c	Fri Mar 18 22:47:33 2016 +0800
@@ -32,7 +32,7 @@
 /* this is used to generate unique output from the same hashpool */
 static uint32_t counter = 0;
 /* the max value for the counter, so it won't integer overflow */
-#define MAX_COUNTER 1<<30 
+#define MAX_COUNTER (1<<30)
 
 static unsigned char hashpool[SHA1_HASH_SIZE] = {0};
 static int donerandinit = 0;
--- a/dbrandom.h	Tue Mar 15 23:20:40 2016 +0800
+++ b/dbrandom.h	Fri Mar 18 22:47:33 2016 +0800
@@ -27,7 +27,7 @@
 
 #include "includes.h"
 
-void seedrandom();
+void seedrandom(void);
 void genrandom(unsigned char* buf, unsigned int len);
 void addrandom(unsigned char * buf, unsigned int len);
 void gen_random_mpint(mp_int *max, mp_int *rand);
--- a/dbutil.c	Tue Mar 15 23:20:40 2016 +0800
+++ b/dbutil.c	Fri Mar 18 22:47:33 2016 +0800
@@ -559,21 +559,6 @@
 	return ret;
 }
 
-/* Clear the data, based on the method in David Wheeler's
- * "Secure Programming for Linux and Unix HOWTO" */
-/* Beware of calling this from within dbutil.c - things might get
- * optimised away */
-void m_burn(void *data, unsigned int len) {
-	volatile char *p = data;
-
-	if (data == NULL)
-		return;
-	while (len--) {
-		*p++ = 0x0;
-	}
-}
-
-
 void setnonblocking(int fd) {
 
 	TRACE(("setnonblocking: %d", fd))
--- a/dbutil.h	Tue Mar 15 23:20:40 2016 +0800
+++ b/dbutil.h	Fri Mar 18 22:47:33 2016 +0800
@@ -29,21 +29,12 @@
 #include "includes.h"
 #include "buffer.h"
 #include "queue.h"
+#include "dbhelpers.h"
 
 #ifndef DISABLE_SYSLOG
 void startsyslog(const char *ident);
 #endif
 
-#ifdef __GNUC__
-#define ATTRIB_PRINTF(fmt,args) __attribute__((format(printf, fmt, args))) 
-#define ATTRIB_NORETURN __attribute__((noreturn))
-#define ATTRIB_SENTINEL __attribute__((sentinel))
-#else
-#define ATTRIB_PRINTF(fmt,args)
-#define ATTRIB_NORETURN
-#define ATTRIB_SENTINEL
-#endif
-
 extern void (*_dropbear_exit)(int exitcode, const char* format, va_list param) ATTRIB_NORETURN;
 extern void (*_dropbear_log)(int priority, const char* format, va_list param);
 
@@ -59,7 +50,7 @@
 void dropbear_trace2(const char* format, ...) ATTRIB_PRINTF(1,2);
 void printhex(const char * label, const unsigned char * buf, int len);
 void printmpint(const char *label, mp_int *mp);
-void debug_start_net();
+void debug_start_net(void);
 extern int debug_trace;
 #endif
 
@@ -79,9 +70,8 @@
 void * m_strdup(const char * str);
 void * m_realloc(void* ptr, size_t size);
 #define m_free(X) do {free(X); (X) = NULL;} while (0)
-void m_burn(void* data, unsigned int len);
 void setnonblocking(int fd);
-void disallow_core();
+void disallow_core(void);
 int m_str_to_uint(const char* str, unsigned int *val);
 
 /* Used to force mp_ints to be initialised */
@@ -95,7 +85,7 @@
 
 /* Returns a time in seconds that doesn't go backwards - does not correspond to
 a real-world clock */
-time_t monotonic_now();
+time_t monotonic_now(void);
 
 char * expand_homedir_path(const char *inpath);
 
--- a/debian/changelog	Tue Mar 15 23:20:40 2016 +0800
+++ b/debian/changelog	Fri Mar 18 22:47:33 2016 +0800
@@ -1,3 +1,9 @@
+dropbear (2016.73-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <[email protected]>  Fri, 18 Mar 2016 22:52:58 +0800
+
 dropbear (2016.72-0.1) unstable; urgency=low
 
   * New upstream release.
--- a/dh_groups.c	Tue Mar 15 23:20:40 2016 +0800
+++ b/dh_groups.c	Fri Mar 18 22:47:33 2016 +0800
@@ -5,7 +5,7 @@
 /* diffie-hellman-group1-sha1 value for p */
 const unsigned char dh_p_1[DH_P_1_LEN] = {
 	0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2,
-    0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
+	0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
 	0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6,
 	0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
 	0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D,
@@ -21,7 +21,7 @@
 /* diffie-hellman-group14-sha1 value for p */
 const unsigned char dh_p_14[DH_P_14_LEN] = {
 	0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, 
-    0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, 
+	0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, 
 	0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6,
 	0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
 	0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D,
--- a/ecc.h	Tue Mar 15 23:20:40 2016 +0800
+++ b/ecc.h	Fri Mar 18 22:47:33 2016 +0800
@@ -20,7 +20,7 @@
 extern struct dropbear_ecc_curve ecc_curve_nistp521;
 extern struct dropbear_ecc_curve *dropbear_ecc_curves[];
 
-void dropbear_ecc_fill_dp();
+void dropbear_ecc_fill_dp(void);
 struct dropbear_ecc_curve* curve_for_dp(const ltc_ecc_set_type *dp);
 
 /* "pubkey" refers to a point, but LTC uses ecc_key structure for both public
--- a/kex.h	Tue Mar 15 23:20:40 2016 +0800
+++ b/kex.h	Fri Mar 18 22:47:33 2016 +0800
@@ -29,40 +29,40 @@
 #include "algo.h"
 #include "signkey.h"
 
-void send_msg_kexinit();
-void recv_msg_kexinit();
-void send_msg_newkeys();
-void recv_msg_newkeys();
-void kexfirstinitialise();
+void send_msg_kexinit(void);
+void recv_msg_kexinit(void);
+void send_msg_newkeys(void);
+void recv_msg_newkeys(void);
+void kexfirstinitialise(void);
 
-struct kex_dh_param *gen_kexdh_param();
+struct kex_dh_param *gen_kexdh_param(void);
 void free_kexdh_param(struct kex_dh_param *param);
 void kexdh_comb_key(struct kex_dh_param *param, mp_int *dh_pub_them,
 		sign_key *hostkey);
 
 #ifdef DROPBEAR_ECDH
-struct kex_ecdh_param *gen_kexecdh_param();
+struct kex_ecdh_param *gen_kexecdh_param(void);
 void free_kexecdh_param(struct kex_ecdh_param *param);
 void kexecdh_comb_key(struct kex_ecdh_param *param, buffer *pub_them,
 		sign_key *hostkey);
 #endif
 
 #ifdef DROPBEAR_CURVE25519
-struct kex_curve25519_param *gen_kexcurve25519_param();
+struct kex_curve25519_param *gen_kexcurve25519_param(void);
 void free_kexcurve25519_param(struct kex_curve25519_param *param);
 void kexcurve25519_comb_key(struct kex_curve25519_param *param, buffer *pub_them,
 		sign_key *hostkey);
 #endif
 
 #ifndef DISABLE_ZLIB
-int is_compress_trans();
-int is_compress_recv();
+int is_compress_trans(void);
+int is_compress_recv(void);
 #endif
 
-void recv_msg_kexdh_init(); /* server */
+void recv_msg_kexdh_init(void); /* server */
 
-void send_msg_kexdh_init(); /* client */
-void recv_msg_kexdh_reply(); /* client */
+void send_msg_kexdh_init(void); /* client */
+void recv_msg_kexdh_reply(void); /* client */
 
 struct KEXState {
 
--- a/libtomcrypt/src/headers/tomcrypt_custom.h	Tue Mar 15 23:20:40 2016 +0800
+++ b/libtomcrypt/src/headers/tomcrypt_custom.h	Fri Mar 18 22:47:33 2016 +0800
@@ -1,7 +1,7 @@
 #ifndef TOMCRYPT_CUSTOM_H_
 #define TOMCRYPT_CUSTOM_H_
 
-/* this will sort out which stuff based on the user-config in options.h */
+/* compile options depend on Dropbear options.h */
 #include "options.h"
 
 /* macros for various libc functions you can change for embedded targets */
--- a/libtomcrypt/src/misc/zeromem.c	Tue Mar 15 23:20:40 2016 +0800
+++ b/libtomcrypt/src/misc/zeromem.c	Fri Mar 18 22:47:33 2016 +0800
@@ -9,6 +9,7 @@
  * Tom St Denis, [email protected], http://libtomcrypt.com
  */
 #include "tomcrypt.h"
+#include "dbhelpers.h"
 
 /**
    @file zeromem.c
@@ -22,11 +23,7 @@
 */
 void zeromem(void *out, size_t outlen)
 {
-   unsigned char *mem = out;
-   LTC_ARGCHKVD(out != NULL);
-   while (outlen-- > 0) {
-      *mem++ = 0;
-   }
+   m_burn(out, outlen);
 }
 
 /* $Source: /cvs/libtom/libtomcrypt/src/misc/zeromem.c,v $ */
--- a/libtommath/Makefile.in	Tue Mar 15 23:20:40 2016 +0800
+++ b/libtommath/Makefile.in	Fri Mar 18 22:47:33 2016 +0800
@@ -8,10 +8,8 @@
 VPATH=@srcdir@
 srcdir=@srcdir@
 
-# Dropbear takes flags from the toplevel makefile
-CFLAGS += -I$(srcdir)
-
-#CFLAGS  +=  -I./ -Wall -W -Wshadow -Wsign-compare
+# So that libtommath can include Dropbear headers for options and m_burn()
+CFLAGS += -I$(srcdir)/../libtomcrypt/src/headers/ -I$(srcdir)/../
 
 ifndef IGNORE_SPEED
 
--- a/libtommath/bn_mp_clear.c	Tue Mar 15 23:20:40 2016 +0800
+++ b/libtommath/bn_mp_clear.c	Fri Mar 18 22:47:33 2016 +0800
@@ -1,4 +1,5 @@
 #include <tommath.h>
+#include "dbhelpers.h"
 #ifdef BN_MP_CLEAR_C
 /* LibTomMath, multiple-precision integer library -- Tom St Denis
  *
@@ -19,17 +20,10 @@
 void
 mp_clear (mp_int * a)
 {
-  volatile mp_digit *p;
-  int len;
-
   /* only do anything if a hasn't been freed previously */
   if (a->dp != NULL) {
     /* first zero the digits */
-	len = a->alloc;
-	p = a->dp;
-	while (len--) {
-		*p++ = 0;
-	}
+	m_burn(a->dp, a->alloc * sizeof(*a->dp));
 
     /* free ram */
     XFREE(a->dp);
--- a/list.h	Tue Mar 15 23:20:40 2016 +0800
+++ b/list.h	Fri Mar 18 22:47:33 2016 +0800
@@ -19,7 +19,7 @@
 
 typedef struct _m_list m_list;
 
-m_list * list_new();
+m_list * list_new(void);
 void list_append(m_list *list, void *item);
 /* returns the item for the element removed */
 void * list_remove(m_list_elem *elem);
--- a/listener.h	Tue Mar 15 23:20:40 2016 +0800
+++ b/listener.h	Fri Mar 18 22:47:33 2016 +0800
@@ -46,7 +46,7 @@
 
 };
 
-void listeners_initialise();
+void listeners_initialise(void);
 void handle_listeners(fd_set * readfds);
 void set_listener_fds(fd_set * readfds);
 
--- a/ltc_prng.c	Tue Mar 15 23:20:40 2016 +0800
+++ b/ltc_prng.c	Fri Mar 18 22:47:33 2016 +0800
@@ -123,14 +123,14 @@
 const struct ltc_prng_descriptor dropbear_prng_desc =
 {
     "dropbear_prng", 0,
-    &dropbear_prng_start,
-    &dropbear_prng_add_entropy,
-    &dropbear_prng_ready,
-    &dropbear_prng_read,
-    &dropbear_prng_done,
-    &dropbear_prng_export,
-    &dropbear_prng_import,
-    &dropbear_prng_test
+    dropbear_prng_start,
+    dropbear_prng_add_entropy,
+    dropbear_prng_ready,
+    dropbear_prng_read,
+    dropbear_prng_done,
+    dropbear_prng_export,
+    dropbear_prng_import,
+    dropbear_prng_test
 };
 
 
--- a/netio.h	Tue Mar 15 23:20:40 2016 +0800
+++ b/netio.h	Fri Mar 18 22:47:33 2016 +0800
@@ -36,7 +36,7 @@
 /* Handles ready sockets after select() */
 void handle_connect_fds(fd_set *writefd);
 /* Cleanup */
-void remove_connect_pending();
+void remove_connect_pending(void);
 
 /* Doesn't actually stop the connect, but adds a dummy callback instead */
 void cancel_connect(struct dropbear_progress_connection *c);
--- a/packet.c	Tue Mar 15 23:20:40 2016 +0800
+++ b/packet.c	Fri Mar 18 22:47:33 2016 +0800
@@ -36,11 +36,11 @@
 #include "channel.h"
 #include "netio.h"
 
-static int read_packet_init();
+static int read_packet_init(void);
 static void make_mac(unsigned int seqno, const struct key_context_directional * key_state,
 		buffer * clear_buf, unsigned int clear_len, 
 		unsigned char *output_mac);
-static int checkmac();
+static int checkmac(void);
 
 /* For exact details see http://www.zlib.net/zlib_tech.html
  * 5 bytes per 16kB block, plus 6 bytes for the stream.
--- a/packet.h	Tue Mar 15 23:20:40 2016 +0800
+++ b/packet.h	Fri Mar 18 22:47:33 2016 +0800
@@ -30,19 +30,19 @@
 #include "queue.h"
 #include "buffer.h"
 
-void write_packet();
-void read_packet();
-void decrypt_packet();
-void encrypt_packet();
+void write_packet(void);
+void read_packet(void);
+void decrypt_packet(void);
+void encrypt_packet(void);
 
 void writebuf_enqueue(buffer * writebuf, unsigned char packet_type);
 
-void process_packet();
+void process_packet(void);
 
-void maybe_flush_reply_queue();
+void maybe_flush_reply_queue(void);
 typedef struct PacketType {
 	unsigned char type; /* SSH_MSG_FOO */
-	void (*handler)();
+	void (*handler)(void);
 } packettype;
 
 #define PACKET_PADDING_OFF 4
--- a/process-packet.c	Tue Mar 15 23:20:40 2016 +0800
+++ b/process-packet.c	Fri Mar 18 22:47:33 2016 +0800
@@ -37,7 +37,7 @@
 
 #define MAX_UNAUTH_PACKET_TYPE SSH_MSG_USERAUTH_PK_OK
 
-static void recv_unimplemented();
+static void recv_unimplemented(void);
 
 /* process a decrypted packet, call the appropriate handler */
 void process_packet() {
--- a/rsa.h	Tue Mar 15 23:20:40 2016 +0800
+++ b/rsa.h	Fri Mar 18 22:47:33 2016 +0800
@@ -30,7 +30,7 @@
 
 #ifdef DROPBEAR_RSA 
 
-#define RSA_SIGNATURE_SIZE 4+7+4+40
+#define RSA_SIGNATURE_SIZE (4+7+4+40)
 
 typedef struct {
 
--- a/runopts.h	Tue Mar 15 23:20:40 2016 +0800
+++ b/runopts.h	Fri Mar 18 22:47:33 2016 +0800
@@ -64,7 +64,7 @@
 
 int readhostkey(const char * filename, sign_key * hostkey, 
 	enum signkey_type *type);
-void load_all_hostkeys();
+void load_all_hostkeys(void);
 
 typedef struct svr_runopts {
 
@@ -119,7 +119,7 @@
 extern svr_runopts svr_opts;
 
 void svr_getopts(int argc, char ** argv);
-void loadhostkeys();
+void loadhostkeys(void);
 
 typedef struct cli_runopts {
 
@@ -170,7 +170,7 @@
 void cli_getopts(int argc, char ** argv);
 
 #ifdef ENABLE_USER_ALGO_LIST
-void parse_ciphers_macs();
+void parse_ciphers_macs(void);
 #endif
 
 void print_version(void);
--- a/scp.c	Tue Mar 15 23:20:40 2016 +0800
+++ b/scp.c	Fri Mar 18 22:47:33 2016 +0800
@@ -672,7 +672,7 @@
 			}
 			continue;
 		}
-#if PROGRESS_METER
+#ifdef PROGRESS_METER
 		if (showprogress)
 			start_progress_meter(curfile, stb.st_size, &statbytes);
 #endif
@@ -772,7 +772,7 @@
 bwlimit(int amount)
 {
 	static struct timeval bwstart, bwend;
-	static int lamt, thresh = 16384;
+	static int lamt = 0, thresh = 16384;
 	uint64_t waitlen;
 	struct timespec ts, rm;
 
@@ -841,7 +841,7 @@
 
 #define	atime	tv[0]
 #define	mtime	tv[1]
-#define	SCREWUP(str)	{ why = str; goto screwup; }
+#define	SCREWUP(str)	do { why = str; goto screwup; } while (0)
 
 	setimes = targisdir = 0;
 	mask = umask(0);
@@ -940,8 +940,8 @@
 			exit(1);
 		}
 		if (targisdir) {
-			static char *namebuf;
-			static size_t cursize;
+			static char *namebuf = NULL;
+			static size_t cursize = 0;
 			size_t need;
 
 			need = strlen(targ) + strlen(cp) + 250;
@@ -1153,7 +1153,7 @@
 void
 run_err(const char *fmt,...)
 {
-	static FILE *fp;
+	static FILE *fp = NULL;
 	va_list ap;
 
 	++errs;
--- a/service.h	Tue Mar 15 23:20:40 2016 +0800
+++ b/service.h	Fri Mar 18 22:47:33 2016 +0800
@@ -25,6 +25,6 @@
 #ifndef DROPBEAR_SERVICE_H_
 #define DROPBEAR_SERVICE_H_
 
-void recv_msg_service_request(); /* Server */
+void recv_msg_service_request(void); /* Server */
 
 #endif /* DROPBEAR_SERVICE_H_ */
--- a/session.h	Tue Mar 15 23:20:40 2016 +0800
+++ b/session.h	Fri Mar 18 22:47:33 2016 +0800
@@ -45,14 +45,14 @@
 
 void common_session_init(int sock_in, int sock_out);
 void session_loop(void(*loophandler)()) ATTRIB_NORETURN;
-void session_cleanup();
-void send_session_identification();
-void send_msg_ignore();
-void ignore_recv_response();
+void session_cleanup(void);
+void send_session_identification(void);
+void send_msg_ignore(void);
+void ignore_recv_response(void);
 
-void update_channel_prio();
+void update_channel_prio(void);
 
-const char* get_user_shell();
+const char* get_user_shell(void);
 void fill_passwd(const char* username);
 
 /* Server */
@@ -64,7 +64,7 @@
 void cli_session(int sock_in, int sock_out, struct dropbear_progress_connection *progress, pid_t proxy_cmd_pid) ATTRIB_NORETURN;
 void cli_connected(int result, int sock, void* userdata, const char *errstring);
 void cleantext(char* dirtytext);
-void kill_proxy_command();
+void kill_proxy_command(void);
 
 /* crypto parameters that are stored individually for transmit and receive */
 struct key_context_directional {
@@ -189,11 +189,11 @@
 	   concluded (ie, while dataallowed was unset)*/
 	struct packetlist *reply_queue_head, *reply_queue_tail;
 
-	void(*remoteclosed)(); /* A callback to handle closure of the
+	void(*remoteclosed)(void); /* A callback to handle closure of the
 									  remote connection */
 
-	void(*extra_session_cleanup)(); /* client or server specific cleanup */
-	void(*send_kex_first_guess)();
+	void(*extra_session_cleanup)(void); /* client or server specific cleanup */
+	void(*send_kex_first_guess)(void);
 
 	struct AuthState authstate; /* Common amongst client and server, since most
 								   struct elements are common */
--- a/signkey.c	Tue Mar 15 23:20:40 2016 +0800
+++ b/signkey.c	Fri Mar 18 22:47:33 2016 +0800
@@ -29,7 +29,7 @@
 #include "ssh.h"
 #include "ecdsa.h"
 
-static const char *signkey_names[DROPBEAR_SIGNKEY_NUM_NAMED] = {
+static const char * const signkey_names[DROPBEAR_SIGNKEY_NUM_NAMED] = {
 #ifdef DROPBEAR_RSA
 	"ssh-rsa",
 #endif
--- a/signkey.h	Tue Mar 15 23:20:40 2016 +0800
+++ b/signkey.h	Fri Mar 18 22:47:33 2016 +0800
@@ -82,7 +82,7 @@
 
 typedef struct SIGN_key sign_key;
 
-sign_key * new_sign_key();
+sign_key * new_sign_key(void);
 const char* signkey_name_from_type(enum signkey_type type, unsigned int *namelen);
 enum signkey_type signkey_type_from_name(const char* name, unsigned int namelen);
 int buf_get_pub_key(buffer *buf, sign_key *key, enum signkey_type *type);
--- a/svr-auth.c	Tue Mar 15 23:20:40 2016 +0800
+++ b/svr-auth.c	Fri Mar 18 22:47:33 2016 +0800
@@ -35,7 +35,7 @@
 #include "runopts.h"
 #include "dbrandom.h"
 
-static void authclear();
+static void authclear(void);
 static int checkusername(char *username, unsigned int userlen);
 
 /* initialise the first time for a session, resetting all parameters */
--- a/svr-authpubkey.c	Tue Mar 15 23:20:40 2016 +0800
+++ b/svr-authpubkey.c	Fri Mar 18 22:47:33 2016 +0800
@@ -72,7 +72,7 @@
 
 static int checkpubkey(char* algo, unsigned int algolen,
 		unsigned char* keyblob, unsigned int keybloblen);
-static int checkpubkeyperms();
+static int checkpubkeyperms(void);
 static void send_msg_userauth_pk_ok(char* algo, unsigned int algolen,
 		unsigned char* keyblob, unsigned int keybloblen);
 static int checkfileperm(char * filename);
--- a/svr-main.c	Tue Mar 15 23:20:40 2016 +0800
+++ b/svr-main.c	Fri Mar 18 22:47:33 2016 +0800
@@ -36,12 +36,12 @@
 static void sigsegv_handler(int);
 static void sigintterm_handler(int fish);
 #ifdef INETD_MODE
-static void main_inetd();
+static void main_inetd(void);
 #endif
 #ifdef NON_INETD_MODE
-static void main_noinetd();
+static void main_noinetd(void);
 #endif
-static void commonsetup();
+static void commonsetup(void);
 
 #if defined(DBMULTI_dropbear) || !defined(DROPBEAR_MULTI)
 #if defined(DBMULTI_dropbear) && defined(DROPBEAR_MULTI)
@@ -104,7 +104,7 @@
 #endif /* INETD_MODE */
 
 #ifdef NON_INETD_MODE
-void main_noinetd() {
+static void main_noinetd() {
 	fd_set fds;
 	unsigned int i, j;
 	int val;
@@ -306,8 +306,8 @@
 #endif
 
 				/* make sure we close sockets */
-				for (i = 0; i < listensockcount; i++) {
-					m_close(listensocks[i]);
+				for (j = 0; j < listensockcount; j++) {
+					m_close(listensocks[j]);
 				}
 
 				m_close(childpipe[0]);
@@ -338,7 +338,7 @@
 
 	const int saved_errno = errno;
 
-	while(waitpid(-1, NULL, WNOHANG) > 0); 
+	while(waitpid(-1, NULL, WNOHANG) > 0) {}
 
 	sa_chld.sa_handler = sigchld_handler;
 	sa_chld.sa_flags = SA_NOCLDSTOP;
--- a/svr-session.c	Tue Mar 15 23:20:40 2016 +0800
+++ b/svr-session.c	Fri Mar 18 22:47:33 2016 +0800
@@ -41,7 +41,7 @@
 #include "runopts.h"
 #include "crypto_desc.h"
 
-static void svr_remoteclosed();
+static void svr_remoteclosed(void);
 
 struct serversession svr_ses; /* GLOBAL */
 
--- a/svr-tcpfwd.c	Tue Mar 15 23:20:40 2016 +0800
+++ b/svr-tcpfwd.c	Fri Mar 18 22:47:33 2016 +0800
@@ -46,8 +46,8 @@
 /* */
 #endif /* !ENABLE_SVR_REMOTETCPFWD */
 
-static int svr_cancelremotetcp();
-static int svr_remotetcpreq();
+static int svr_cancelremotetcp(void);
+static int svr_remotetcpreq(void);
 static int newtcpdirect(struct Channel * channel);
 
 #ifdef ENABLE_SVR_REMOTETCPFWD
--- a/sysoptions.h	Tue Mar 15 23:20:40 2016 +0800
+++ b/sysoptions.h	Fri Mar 18 22:47:33 2016 +0800
@@ -4,7 +4,7 @@
  *******************************************************************/
 
 #ifndef DROPBEAR_VERSION
-#define DROPBEAR_VERSION "2016.72"
+#define DROPBEAR_VERSION "2016.73"
 #endif
 
 #define LOCAL_IDENT "SSH-2.0-dropbear_" DROPBEAR_VERSION
--- a/tcpfwd.h	Tue Mar 15 23:20:40 2016 +0800
+++ b/tcpfwd.h	Fri Mar 18 22:47:33 2016 +0800
@@ -57,16 +57,16 @@
 };
 
 /* Server */
-void recv_msg_global_request_remotetcp();
+void recv_msg_global_request_remotetcp(void);
 
 extern const struct ChanType svr_chan_tcpdirect;
 
 /* Client */
-void setup_localtcp();
-void setup_remotetcp();
+void setup_localtcp(void);
+void setup_remotetcp(void);
 extern const struct ChanType cli_chan_tcpremote;
-void cli_recv_msg_request_success();
-void cli_recv_msg_request_failure();
+void cli_recv_msg_request_success(void);
+void cli_recv_msg_request_failure(void);
 
 /* Common */
 int listen_tcpfwd(struct TCPListener* tcpinfo);