If md5_done doesn't return CRYPT_OK then hs may be uninitialized in
sign_key_md5_fingerprint().

It is unlikely, but listensocks may not have all of its fds filled in.
Setting them to 0 early on makes sure that there is at least a known
quantity there.

From: Erik Hovland <erik@hovland.org>

---

 signkey.c  |    3 ++-
 svr-main.c |    1 +
 2 files changed, 3 insertions(+), 1 deletions(-)

diff --git signkey.c signkey.c
index c1ef5e2..14cd8d8 100644
--- signkey.c
+++ signkey.c
@@ -296,7 +296,8 @@ static char * sign_key_md5_fingerprint(unsigned char* keyblob,
 	/* skip the size int of the string - this is a bit messy */
 	md5_process(&hs, keyblob, keybloblen);
 
-	md5_done(&hs, hash);
+	if (md5_done(&hs, hash) != CRYPT_OK)
+		return NULL;
 
 	/* "md5 hexfingerprinthere\0", each hex digit is "AB:" etc */
 	buflen = 4 + 3*MD5_HASH_SIZE;
diff --git svr-main.c svr-main.c
index f7ce221..76ace97 100644
--- svr-main.c
+++ svr-main.c
@@ -118,6 +118,7 @@ void main_noinetd() {
 	int childsock;
 	int childpipe[2];
 
+	memset(listensocks, 0, sizeof(listensocks));
 	/* Note: commonsetup() must happen before we daemon()ise. Otherwise
 	   daemon() will chdir("/"), and we won't be able to find local-dir
 	   hostkeys. */