Description: fix MitM with VerifyHostKeyDNS option
Origin: backported from patch provided by upstream to Qualys

--- a/krl.c
+++ b/krl.c
@@ -677,6 +677,7 @@ revoked_certs_generate(struct revoked_ce
 			break;
 		case KRL_SECTION_CERT_SERIAL_BITMAP:
 			if (rs->lo - bitmap_start > INT_MAX) {
+				r = SSH_ERR_INVALID_FORMAT;
 				error("%s: insane bitmap gap", __func__);
 				goto out;
 			}
@@ -1012,6 +1013,7 @@ ssh_krl_from_blob(struct sshbuf *buf, st
 		goto out;
 
 	if ((krl = ssh_krl_init()) == NULL) {
+		r = SSH_ERR_ALLOC_FAIL;
 		error("%s: alloc failed", __func__);
 		goto out;
 	}
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -95,7 +95,7 @@ struct sockaddr *xxx_hostaddr;
 static int
 verify_host_key_callback(struct sshkey *hostkey, struct ssh *ssh)
 {
-	if (verify_host_key(xxx_host, xxx_hostaddr, hostkey) == -1)
+	if (verify_host_key(xxx_host, xxx_hostaddr, hostkey) != 0)
 		fatal("Host key verification failed.");
 	return 0;
 }
@@ -756,6 +756,7 @@ input_userauth_pk_ok(int type, u_int32_t
 
 	if ((pktype = sshkey_type_from_name(pkalg)) == KEY_UNSPEC) {
 		debug("%s: server sent unknown pkalg %s", __func__, pkalg);
+		r = SSH_ERR_INVALID_FORMAT;
 		goto done;
 	}
 	if ((r = sshkey_from_blob(pkblob, blen, &key)) != 0) {
@@ -766,6 +767,7 @@ input_userauth_pk_ok(int type, u_int32_t
 		error("input_userauth_pk_ok: type mismatch "
 		    "for decoded key (received %d, expected %d)",
 		    key->type, pktype);
+		r = SSH_ERR_INVALID_FORMAT;
 		goto done;
 	}
 
@@ -785,6 +787,7 @@ input_userauth_pk_ok(int type, u_int32_t
 		    SSH_FP_DEFAULT);
 		error("%s: server replied with unknown key: %s %s", __func__,
 		    sshkey_type(key), fp == NULL ? "<ERROR>" : fp);
+		r = SSH_ERR_INVALID_FORMAT;
 		goto done;
 	}
 	ident = format_identity(id);