Compare revisions

Ben Gardner · Kevin Darbyshire-Bryant · Matt Johnston · Matt Johnston · Matt Johnston · Matt Johnston
--- a/INSTALL
+++ b/INSTALL
@@ -22,7 +22,11 @@ recompiling - bad things will happen otherwise)
  
 See MULTI for instructions on making all-in-one binaries.
  
-If you want to compile statically, add "STATIC=1" to the make command-line.
+If you want to compile statically use ./configure --enable-static
+
+By default Dropbear adds various build flags that improve robustness 
+against programming bugs (good for security) - if these cause problems
+they can be disabled with ./configure --disable-harden
  
 Binaries can be stripped with "make strip"
  

--- a/Makefile.in
+++ b/Makefile.in
@@ -2,12 +2,11 @@
 # @configure_input@
  
 # invocation:
-# make PROGRAMS="dropbear dbclient scp" MULTI=1 STATIC=1 SCPPROGRESS=1
+# make PROGRAMS="dropbear dbclient scp" MULTI=1 SCPPROGRESS=1
 #
-# to make a multiple-program statically linked binary "staticdropbearmulti".
+# to make a multiple-program binary "dropbearmulti".
 # This example will include dropbear, scp, dropbearkey, dropbearconvert, and
 # dbclient functionality, and includes the progress-bar functionality in scp.
-# Hopefully that seems intuitive.
  
 ifndef PROGRAMS
 	PROGRAMS=dropbear dbclient dropbearkey dropbearconvert
@@ -94,6 +93,8 @@ LDFLAGS=@LDFLAGS@
  
 EXEEXT=@EXEEXT@
  
+STATIC=@STATIC@
+
 # whether we're building client, server, or both for the common objects.
 # evilness so we detect 'dropbear' by itself as a word
 space:= $(empty) $(empty)
@@ -115,7 +116,7 @@ ifeq ($(STATIC), 1)
 endif
  
 ifeq ($(MULTI), 1)
-	TARGETS=dropbearmulti
+	TARGETS=dropbearmulti$(EXEEXT)
 else
 	TARGETS=$(PROGRAMS)
 endif
@@ -132,14 +133,14 @@ strip: $(TARGETS)
  
 install: $(addprefix inst_, $(TARGETS))
  
-insmultidropbear: dropbearmulti
+insmultidropbear: dropbearmulti$(EXEEXT)
 	$(INSTALL) -d $(DESTDIR)$(sbindir)
 	-rm -f $(DESTDIR)$(sbindir)/dropbear$(EXEEXT)
 	-ln -s $(bindir)/dropbearmulti$(EXEEXT) $(DESTDIR)$(sbindir)/dropbear$(EXEEXT) 
 	$(INSTALL) -d $(DESTDIR)$(mandir)/man8
 	$(INSTALL) -m 644 $(srcdir)/dropbear.8  $(DESTDIR)$(mandir)/man8/dropbear.8
  
-insmulti%: dropbearmulti
+insmulti%: dropbearmulti$(EXEEXT)
 	$(INSTALL) -d $(DESTDIR)$(bindir)
 	-rm -f $(DESTDIR)$(bindir)/$*$(EXEEXT) 
 	-ln -s $(bindir)/dropbearmulti$(EXEEXT) $(DESTDIR)$(bindir)/$*$(EXEEXT) 
@@ -219,8 +220,9 @@ sizes: dropbear
 clean: ltc-clean ltm-clean thisclean
  
 thisclean:
-	-rm -f dropbear dbclient dropbearkey dropbearconvert scp scp-progress \
-			dropbearmulti *.o *.da *.bb *.bbg *.prof
+	-rm -f dropbear$(EXEEXT) dbclient$(EXEEXT) dropbearkey$(EXEEXT) \
+			dropbearconvert$(EXEEXT) scp$(EXEEXT) scp-progress$(EXEEXT) \
+			dropbearmulti$(EXEEXT) *.o *.da *.bb *.bbg *.prof
  
 distclean: clean tidy
 	-rm -f config.h

--- a/agentfwd.h
+++ b/agentfwd.h
@@ -40,8 +40,8 @@
 /* client functions */
 void cli_load_agent_keys(m_list * ret_list);
 void agent_buf_sign(buffer *sigblob, sign_key *key, 
-	buffer *data_buf);
-void cli_setup_agent(struct Channel *channel);
+	const buffer *data_buf);
+void cli_setup_agent(const struct Channel *channel);
  
 #ifdef __hpux
 #define seteuid(a)       setresuid(-1, (a), -1)
@@ -56,7 +56,7 @@ extern const struct ChanType cli_chan_agent;
  
 int svr_agentreq(struct ChanSess * chansess);
 void svr_agentcleanup(struct ChanSess * chansess);
-void svr_agentset(struct ChanSess *chansess);
+void svr_agentset(const struct ChanSess *chansess);
  
 #endif /* DROPBEAR_SVR_AGENTFWD */
  

--- a/algo.h
+++ b/algo.h
@@ -112,8 +112,8 @@ struct dropbear_kex {
 	const struct ltc_hash_descriptor *hash_desc;
 };
  
-int have_algo(char* algo, size_t algolen, algo_type algos[]);
-void buf_put_algolist(buffer * buf, algo_type localalgos[]);
+int have_algo(const char* algo, size_t algolen, const algo_type algos[]);
+void buf_put_algolist(buffer * buf, const algo_type localalgos[]);
  
 enum kexguess2_used {
 	KEXGUESS2_LOOK,
@@ -131,7 +131,7 @@ algo_type * buf_match_algo(buffer* buf, algo_type localalgos[],
 #if DROPBEAR_USER_ALGO_LIST
 int check_user_algos(const char* user_algo_list, algo_type * algos, 
 		const char *algo_desc);
-char * algolist_string(algo_type algos[]);
+char * algolist_string(const algo_type algos[]);
 #endif
  
 enum {

--- a/auth.h
+++ b/auth.h
@@ -36,7 +36,7 @@ void cli_authinitialise(void);
 void recv_msg_userauth_request(void);
 void send_msg_userauth_failure(int partial, int incrfail);
 void send_msg_userauth_success(void);
-void send_msg_userauth_banner(buffer *msg);
+void send_msg_userauth_banner(const buffer *msg);
 void svr_auth_password(void);
 void svr_auth_pubkey(void);
 void svr_auth_pam(void);
@@ -74,7 +74,7 @@ void cli_pubkeyfail(void);
 void cli_auth_password(void);
 int cli_auth_pubkey(void);
 void cli_auth_interactive(void);
-char* getpass_or_cancel(char* prompt);
+char* getpass_or_cancel(const char* prompt);
 void cli_auth_pubkey_cleanup(void);
  
  

--- a/buffer.c
+++ b/buffer.c
@@ -67,7 +67,7 @@ void buf_free(buffer* buf) {
 }
  
 /* overwrite the contents of the buffer to clear it */
-void buf_burn(buffer* buf) {
+void buf_burn(const buffer* buf) {
 	
 	m_burn(buf->data, buf->size);
  
@@ -91,7 +91,7 @@ buffer* buf_resize(buffer *buf, unsigned int newsize) {
  
 /* Create a copy of buf, allocating required memory etc. */
 /* The new buffer is sized the same as the length of the source buffer. */
-buffer* buf_newcopy(buffer* buf) {
+buffer* buf_newcopy(const buffer* buf) {
 	
 	buffer* ret;
  
@@ -184,7 +184,7 @@ void buf_putbyte(buffer* buf, unsigned char val) {
  
 /* returns an in-place pointer to the buffer, checking that
 * the next len bytes from that position can be used */
-unsigned char* buf_getptr(buffer* buf, unsigned int len) {
+unsigned char* buf_getptr(const buffer* buf, unsigned int len) {
  
 	if (len > BUF_MAX_INCR || buf->pos + len > buf->len) {
 		dropbear_exit("Bad buf_getptr");
@@ -194,7 +194,7 @@ unsigned char* buf_getptr(buffer* buf, unsigned int len) {
  
 /* like buf_getptr, but checks against total size, not used length.
 * This allows writing past the used length, but not past the size */
-unsigned char* buf_getwriteptr(buffer* buf, unsigned int len) {
+unsigned char* buf_getwriteptr(const buffer* buf, unsigned int len) {
  
 	if (len > BUF_MAX_INCR || buf->pos + len > buf->size) {
 		dropbear_exit("Bad buf_getwriteptr");

--- a/buffer.h
+++ b/buffer.h
@@ -44,8 +44,8 @@ buffer * buf_new(unsigned int size);
 /* Possibly returns a new buffer*, like realloc() */
 buffer * buf_resize(buffer *buf, unsigned int newsize);
 void buf_free(buffer* buf);
-void buf_burn(buffer* buf);
-buffer* buf_newcopy(buffer* buf);
+void buf_burn(const buffer* buf);
+buffer* buf_newcopy(const buffer* buf);
 void buf_setlen(buffer* buf, unsigned int len);
 void buf_incrlen(buffer* buf, unsigned int incr);
 void buf_setpos(buffer* buf, unsigned int pos);
@@ -54,8 +54,8 @@ void buf_incrwritepos(buffer* buf, unsigned int incr);
 unsigned char buf_getbyte(buffer* buf);
 unsigned char buf_getbool(buffer* buf);
 void buf_putbyte(buffer* buf, unsigned char val);
-unsigned char* buf_getptr(buffer* buf, unsigned int len);
-unsigned char* buf_getwriteptr(buffer* buf, unsigned int len);
+unsigned char* buf_getptr(const buffer* buf, unsigned int len);
+unsigned char* buf_getwriteptr(const buffer* buf, unsigned int len);
 char* buf_getstring(buffer* buf, unsigned int *retlen);
 buffer * buf_getstringbuf(buffer *buf);
 void buf_eatstring(buffer *buf);

--- a/channel.h
+++ b/channel.h
@@ -84,7 +84,7 @@ struct Channel {
 	int flushing;
  
 	/* Used by client chansession to handle ~ escaping, NULL ignored otherwise */
-	void (*read_mangler)(struct Channel*, unsigned char* bytes, int *len);
+	void (*read_mangler)(const struct Channel*, const unsigned char* bytes, int *len);
  
 	const struct ChanType* type;
  
@@ -98,7 +98,7 @@ struct ChanType {
 	int (*inithandler)(struct Channel*);
 	int (*check_close)(struct Channel*);
 	void (*reqhandler)(struct Channel*);
-	void (*closehandler)(struct Channel*);
+	void (*closehandler)(const struct Channel*);
 };
  
 /* Callback for connect_remote */
@@ -107,7 +107,7 @@ void channel_connect_done(int result, int sock, void* user_data, const char* err
 void chaninitialise(const struct ChanType *chantypes[]);
 void chancleanup(void);
 void setchannelfds(fd_set *readfds, fd_set *writefds, int allow_reads);
-void channelio(fd_set *readfd, fd_set *writefd);
+void channelio(const fd_set *readfd, const fd_set *writefd);
 struct Channel* getchannel(void);
 /* Returns an arbitrary channel that is in a ready state - not
 being initialised and no EOF in either direction. NULL if none. */
@@ -115,8 +115,8 @@ struct Channel* get_any_ready_channel(void);
  
 void recv_msg_channel_open(void);
 void recv_msg_channel_request(void);
-void send_msg_channel_failure(struct Channel *channel);
-void send_msg_channel_success(struct Channel *channel);
+void send_msg_channel_failure(const struct Channel *channel);
+void send_msg_channel_success(const struct Channel *channel);
 void recv_msg_channel_data(void);
 void recv_msg_channel_extended_data(void);
 void recv_msg_channel_window_adjust(void);
@@ -135,7 +135,7 @@ int send_msg_channel_open_init(int fd, const struct ChanType *type);
 void recv_msg_channel_open_confirmation(void);
 void recv_msg_channel_open_failure(void);
 #endif
-void start_send_channel_request(struct Channel *channel, char *type);
+void start_send_channel_request(const struct Channel *channel, const char *type);
  
 void send_msg_request_success(void);
 void send_msg_request_failure(void);

--- a/circbuffer.c
+++ b/circbuffer.c
@@ -56,19 +56,19 @@ void cbuf_free(circbuffer * cbuf) {
 	m_free(cbuf);
 }
  
-unsigned int cbuf_getused(circbuffer * cbuf) {
+unsigned int cbuf_getused(const circbuffer * cbuf) {
  
 	return cbuf->used;
  
 }
  
-unsigned int cbuf_getavail(circbuffer * cbuf) {
+unsigned int cbuf_getavail(const circbuffer * cbuf) {
  
 	return cbuf->size - cbuf->used;
  
 }
  
-unsigned int cbuf_writelen(circbuffer *cbuf) {
+unsigned int cbuf_writelen(const circbuffer *cbuf) {
  
 	dropbear_assert(cbuf->used <= cbuf->size);
 	dropbear_assert(((2*cbuf->size)+cbuf->writepos-cbuf->readpos)%cbuf->size == cbuf->used%cbuf->size);
@@ -86,7 +86,7 @@ unsigned int cbuf_writelen(circbuffer *cbuf) {
 	return cbuf->size - cbuf->writepos;
 }
  
-void cbuf_readptrs(circbuffer *cbuf, 
+void cbuf_readptrs(const circbuffer *cbuf,
 	unsigned char **p1, unsigned int *len1, 
 	unsigned char **p2, unsigned int *len2) {
 	*p1 = &cbuf->data[cbuf->readpos];

--- a/circbuffer.h
+++ b/circbuffer.h
@@ -38,12 +38,12 @@ typedef struct circbuf circbuffer;
 circbuffer * cbuf_new(unsigned int size);
 void cbuf_free(circbuffer * cbuf);
  
-unsigned int cbuf_getused(circbuffer * cbuf); /* how much data stored */
-unsigned int cbuf_getavail(circbuffer * cbuf); /* how much we can write */
-unsigned int cbuf_writelen(circbuffer *cbuf); /* max linear write len */
+unsigned int cbuf_getused(const circbuffer * cbuf); /* how much data stored */
+unsigned int cbuf_getavail(const circbuffer * cbuf); /* how much we can write */
+unsigned int cbuf_writelen(const circbuffer *cbuf); /* max linear write len */
  
 /* returns pointers to the two portions of the circular buffer that can be read */
-void cbuf_readptrs(circbuffer *cbuf, 
+void cbuf_readptrs(const circbuffer *cbuf,
 	unsigned char **p1, unsigned int *len1, 
 	unsigned char **p2, unsigned int *len2);
 unsigned char* cbuf_writeptr(circbuffer *cbuf, unsigned int len);

--- a/cli-agentfwd.c
+++ b/cli-agentfwd.c
@@ -108,7 +108,7 @@ static int new_agent_chan(struct Channel * channel) {
   data        Any data, depending on packet type.  Encoding as in the ssh packet
               protocol.
 */
-static buffer * agent_request(unsigned char type, buffer *data) {
+static buffer * agent_request(unsigned char type, const buffer *data) {
  
 	buffer * payload = NULL;
 	buffer * inbuf = NULL;
@@ -230,7 +230,7 @@ out:
 	}
 }
  
-void cli_setup_agent(struct Channel *channel) {
+void cli_setup_agent(const struct Channel *channel) {
 	if (!getenv("SSH_AUTH_SOCK")) {
 		return;
 	}
@@ -254,7 +254,7 @@ void cli_load_agent_keys(m_list *ret_list) {
 }
  
 void agent_buf_sign(buffer *sigblob, sign_key *key, 
-		buffer *data_buf) {
+		const buffer *data_buf) {
 	buffer *request_data = NULL;
 	buffer *response = NULL;
 	unsigned int siglen;

--- a/cli-auth.c
+++ b/cli-auth.c
@@ -331,7 +331,7 @@ int cli_auth_try() {
 #if DROPBEAR_CLI_PASSWORD_AUTH || DROPBEAR_CLI_INTERACT_AUTH
 /* A helper for getpass() that exits if the user cancels. The returned
 * password is statically allocated by getpass() */
-char* getpass_or_cancel(char* prompt)
+char* getpass_or_cancel(const char* prompt)
 {
 	char* password = NULL;
 	

--- a/cli-authpubkey.c
+++ b/cli-authpubkey.c
@@ -121,7 +121,7 @@ void recv_msg_userauth_pk_ok() {
 }
  
 void cli_buf_put_sign(buffer* buf, sign_key *key, int type, 
-			buffer *data_buf) {
+			const buffer *data_buf) {
 #if DROPBEAR_CLI_AGENTFWD
 	if (key->source == SIGNKEY_SOURCE_AGENT) {
 		/* Format the agent signature ourselves, as buf_put_sign would. */

--- a/cli-chansession.c
+++ b/cli-chansession.c
@@ -35,12 +35,12 @@
 #include "chansession.h"
 #include "agentfwd.h"
  
-static void cli_closechansess(struct Channel *channel);
+static void cli_closechansess(const struct Channel *channel);
 static int cli_initchansess(struct Channel *channel);
 static void cli_chansessreq(struct Channel *channel);
-static void send_chansess_pty_req(struct Channel *channel);
-static void send_chansess_shell_req(struct Channel *channel);
-static void cli_escape_handler(struct Channel *channel, unsigned char* buf, int *len);
+static void send_chansess_pty_req(const struct Channel *channel);
+static void send_chansess_shell_req(const struct Channel *channel);
+static void cli_escape_handler(const struct Channel *channel, const unsigned char* buf, int *len);
 static int cli_init_netcat(struct Channel *channel);
  
 static void cli_tty_setup(void);
@@ -83,7 +83,7 @@ out:
 	
  
 /* If the main session goes, we close it up */
-static void cli_closechansess(struct Channel *UNUSED(channel)) {
+static void cli_closechansess(const struct Channel *UNUSED(channel)) {
 	cli_tty_cleanup(); /* Restore tty modes etc */
  
 	/* This channel hasn't gone yet, so we have > 1 */
@@ -270,7 +270,7 @@ void cli_chansess_winchange() {
 	cli_ses.winchange = 0;
 }
  
-static void send_chansess_pty_req(struct Channel *channel) {
+static void send_chansess_pty_req(const struct Channel *channel) {
  
 	char* term = NULL;
  
@@ -303,7 +303,7 @@ static void send_chansess_pty_req(struct Channel *channel) {
 	TRACE(("leave send_chansess_pty_req"))
 }
  
-static void send_chansess_shell_req(struct Channel *channel) {
+static void send_chansess_shell_req(const struct Channel *channel) {
  
 	char* reqtype = NULL;
  
@@ -452,7 +452,7 @@ do_escape(unsigned char c) {
 }
  
 static
-void cli_escape_handler(struct Channel* UNUSED(channel), unsigned char* buf, int *len) {
+void cli_escape_handler(const struct Channel* UNUSED(channel), const unsigned char* buf, int *len) {
 	char c;
 	int skip_char = 0;
  

--- a/cli-kex.c
+++ b/cli-kex.c
@@ -39,7 +39,7 @@
 #include "ecc.h"
  
  
-static void checkhostkey(unsigned char* keyblob, unsigned int keybloblen);
+static void checkhostkey(const unsigned char* keyblob, unsigned int keybloblen);
 #define MAX_KNOWNHOSTS_LINE 4500
  
 void send_msg_kexdh_init() {
@@ -185,7 +185,7 @@ void recv_msg_kexdh_reply() {
 	TRACE(("leave recv_msg_kexdh_init"))
 }
  
-static void ask_to_confirm(unsigned char* keyblob, unsigned int keybloblen,
+static void ask_to_confirm(const unsigned char* keyblob, unsigned int keybloblen,
 	const char* algoname) {
  
 	char* fp = NULL;
@@ -282,7 +282,7 @@ out:
 	return hostsfile;
 }
  
-static void checkhostkey(unsigned char* keyblob, unsigned int keybloblen) {
+static void checkhostkey(const unsigned char* keyblob, unsigned int keybloblen) {
  
 	FILE *hostsfile = NULL;
 	int readonly = 0;

--- a/cli-main.c
+++ b/cli-main.c
@@ -66,8 +66,8 @@ int main(int argc, char ** argv) {
 	}
 #endif
  
-	TRACE(("user='%s' host='%s' port='%s'", cli_opts.username,
-				cli_opts.remotehost, cli_opts.remoteport))
+	TRACE(("user='%s' host='%s' port='%s' bind_address='%s' bind_port='%s'", cli_opts.username,
+				cli_opts.remotehost, cli_opts.remoteport, cli_opts.bind_address, cli_opts.bind_port))
  
 	if (signal(SIGPIPE, SIG_IGN) == SIG_ERR) {
 		dropbear_exit("signal() error");
@@ -86,7 +86,8 @@ int main(int argc, char ** argv) {
 	} else
 #endif
 	{
-		progress = connect_remote(cli_opts.remotehost, cli_opts.remoteport, cli_connected, &ses);
+		progress = connect_remote(cli_opts.remotehost, cli_opts.remoteport, 
+			cli_connected, &ses, cli_opts.bind_address, cli_opts.bind_port);
 		sock_in = sock_out = -1;
 	}
  
@@ -142,7 +143,7 @@ static void cli_dropbear_log(int priority,
 	fflush(stderr);
 }
  
-static void exec_proxy_cmd(void *user_data_cmd) {
+static void exec_proxy_cmd(const void *user_data_cmd) {
 	const char *cmd = user_data_cmd;
 	char *usershell;
  

--- a/cli-runopts.c
+++ b/cli-runopts.c
@@ -92,6 +92,7 @@ static void printhelp() {
 					"-c <cipher list> Specify preferred ciphers ('-c help' to list options)\n"
 					"-m <MAC list> Specify preferred MACs for packet verification (or '-m help')\n"
 #endif
+					"-b    [bind_address][:bind_port]\n"
 					"-V    Version\n"
 #if DEBUG_TRACE
 					"-v    verbose (compiled with DEBUG_TRACE)\n"
@@ -125,12 +126,12 @@ void cli_getopts(int argc, char ** argv) {
 		OPT_OTHER
 	} opt;
 	unsigned int cmdlen;
-	char* dummy = NULL; /* Not used for anything real */
  
 	char* recv_window_arg = NULL;
 	char* keepalive_arg = NULL;
 	char* idle_timeout_arg = NULL;
 	char *host_arg = NULL;
+	char *bind_arg = NULL;
 	char c;
  
 	/* see printhelp() for options */
@@ -166,6 +167,8 @@ void cli_getopts(int argc, char ** argv) {
 #if DROPBEAR_CLI_PROXYCMD
 	cli_opts.proxycmd = NULL;
 #endif
+	cli_opts.bind_address = NULL;
+	cli_opts.bind_port = NULL;
 #ifndef DISABLE_ZLIB
 	opts.compress_mode = DROPBEAR_COMPRESS_ON;
 #endif
@@ -314,8 +317,8 @@ void cli_getopts(int argc, char ** argv) {
 					exit(EXIT_SUCCESS);
 					break;
 				case 'b':
-					next = &dummy;
-					/* FALLTHROUGH */
+					next = &bind_arg;
+					break;
 				default:
 					fprintf(stderr,
 						"WARNING: Ignoring unknown option -%c\n", c);
@@ -420,6 +423,18 @@ void cli_getopts(int argc, char ** argv) {
 		cli_opts.remoteport = "22";
 	}
  
+	if (bind_arg) {
+		/* split [host][:port] */
+		char *port = strrchr(bind_arg, ':');
+		if (port) {
+			cli_opts.bind_port = m_strdup(port+1);
+			*port = '\0';
+		}
+		if (strlen(bind_arg) > 0) {
+			cli_opts.bind_address = m_strdup(bind_arg);
+		}
+	}
+
 	/* If not explicitly specified with -t or -T, we don't want a pty if
 	 * there's a command, but we do otherwise */
 	if (cli_opts.wantpty == 9) {

--- a/cli-session.c
+++ b/cli-session.c
@@ -165,13 +165,6 @@ static void cli_session_init(pid_t proxy_cmd_pid) {
 	cli_ses.lastprivkey = NULL;
 	cli_ses.lastauthtype = 0;
  
-#if DROPBEAR_NONE_CIPHER
-	cli_ses.cipher_none_after_auth = get_algo_usable(sshciphers, "none");
-	set_algo_usable(sshciphers, "none", 0);
-#else
-	cli_ses.cipher_none_after_auth = 0;
-#endif
-
 	/* For printing "remote host closed" for the user */
 	ses.remoteclosed = cli_remoteclosed;
  
@@ -275,14 +268,6 @@ static void cli_sessionloop() {
 			}
 #endif
  
-#if DROPBEAR_NONE_CIPHER
-			if (cli_ses.cipher_none_after_auth)
-			{
-				set_algo_usable(sshciphers, "none", 1);
-				send_msg_kexinit();
-			}
-#endif
-
 			if (cli_opts.backgrounded) {
 				int devnull;
 				/* keeping stdin open steals input from the terminal and

--- a/cli-tcpfwd.c
+++ b/cli-tcpfwd.c
@@ -274,7 +274,7 @@ static int newtcpforwarded(struct Channel * channel) {
 	}
 	
 	snprintf(portstring, sizeof(portstring), "%u", fwd->connectport);
-	channel->conn_pending = connect_remote(fwd->connectaddr, portstring, channel_connect_done, channel);
+	channel->conn_pending = connect_remote(fwd->connectaddr, portstring, channel_connect_done, channel, NULL, NULL);
  
 	channel->prio = DROPBEAR_CHANNEL_PRIO_UNKNOWABLE;
 	

--- a/common-algo.c
+++ b/common-algo.c
@@ -179,9 +179,6 @@ algo_type sshciphers[] = {
 	{"blowfish-cbc", 0, &dropbear_blowfish, 1, &dropbear_mode_cbc},
 #endif
 #endif /* DROPBEAR_ENABLE_CBC_MODE */
-#if DROPBEAR_NONE_CIPHER
-	{"none", 0, (void*)&dropbear_nocipher, 1, &dropbear_mode_none},
-#endif
 	{NULL, 0, NULL, 0, NULL}
 };
  
@@ -314,7 +311,7 @@ algo_type sshkex[] = {
 * against.
 * Returns DROPBEAR_SUCCESS if we have a match for algo, DROPBEAR_FAILURE
 * otherwise */
-int have_algo(char* algo, size_t algolen, algo_type algos[]) {
+int have_algo(const char* algo, size_t algolen, const algo_type algos[]) {
  
 	int i;
  
@@ -329,7 +326,7 @@ int have_algo(char* algo, size_t algolen, algo_type algos[]) {
 }
  
 /* Output a comma separated list of algorithms to a buffer */
-void buf_put_algolist(buffer * buf, algo_type localalgos[]) {
+void buf_put_algolist(buffer * buf, const algo_type localalgos[]) {
  
 	unsigned int i, len;
 	unsigned int donefirst = 0;
@@ -466,42 +463,10 @@ out:
 	return ret;
 }
  
-#if DROPBEAR_NONE_CIPHER
-
-void
-set_algo_usable(algo_type algos[], const char * algo_name, int usable)
-{
-	algo_type *a;
-	for (a = algos; a->name != NULL; a++)
-	{
-		if (strcmp(a->name, algo_name) == 0)
-		{
-			a->usable = usable;
-			return;
-		}
-	}
-}
-
-int
-get_algo_usable(algo_type algos[], const char * algo_name)
-{
-	algo_type *a;
-	for (a = algos; a->name != NULL; a++)
-	{
-		if (strcmp(a->name, algo_name) == 0)
-		{
-			return a->usable;
-		}
-	}
-	return 0;
-}
-
-#endif /* DROPBEAR_NONE_CIPHER */
-
 #if DROPBEAR_USER_ALGO_LIST
  
 char *
-algolist_string(algo_type algos[])
+algolist_string(const algo_type algos[])
 {
 	char *ret_list;
 	buffer *b = buf_new(200);
No results found