apply fixes from upstream for empty banner

https://bugzilla.mindrot.org/show_bug.cgi?id=1496
http://bugs.gentoo.org/244222

----------------------------
revision 1.168
date: 2008/10/03 23:56:28;  author: deraadt;  state: Exp;  lines: +3 -3
Repair strnvis() buffersize of 4*n+1, with termination gauranteed by the
function.
spotted by des@freebsd, who commited an incorrect fix to the freebsd tree
and (as is fairly typical) did not report the problem to us.  But this fix
is correct.
ok djm
----------------------------
revision 1.167
date: 2008/07/31 14:48:28;  author: markus;  state: Exp;  lines: +2 -2
don't allocate space for empty banners; report t8m at centrum.cz; ok deraadt
--- src/usr.bin/ssh/sshconnect2.c	2008/07/17 09:48:00	1.166
+++ src/usr.bin/ssh/sshconnect2.c	2008/10/04 00:56:28	1.168
@@ -377,11 +377,11 @@ input_userauth_banner(int type, u_int32_t seq, void *c
 	debug3("input_userauth_banner");
 	raw = packet_get_string(&len);
 	lang = packet_get_string(NULL);
-	if (options.log_level >= SYSLOG_LEVEL_INFO) {
+	if (len > 0 && options.log_level >= SYSLOG_LEVEL_INFO) {
 		if (len > 65536)
 			len = 65536;
-		msg = xmalloc(len * 4); /* max expansion from strnvis() */
-		strnvis(msg, raw, len * 4, VIS_SAFE|VIS_OCTAL);
+		msg = xmalloc(len * 4 + 1); /* max expansion from strnvis() */
+		strnvis(msg, raw, len * 4 + 1, VIS_SAFE|VIS_OCTAL);
 		fprintf(stderr, "%s", msg);
 		xfree(msg);
 	}