diff --git a/Makefile.in b/Makefile.in
index fc17c1f..1ce13d2 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -69,7 +69,8 @@ AR=@AR@
 RANLIB=@RANLIB@
 STRIP=@STRIP@
 INSTALL=@INSTALL@
-CFLAGS=-I. -I$(srcdir)/libtomcrypt/src/headers/ @CFLAGS@
+CPPFLAGS=@CPPFLAGS@
+CFLAGS=-I. -I$(srcdir)/libtomcrypt/src/headers/ $(CPPFLAGS) @CFLAGS@
 LIBS=$(LTC) $(LTM) @LIBS@
 LDFLAGS=@LDFLAGS@
 
diff --git a/cli-auth.c b/cli-auth.c
index d08de9a..ba4cf6c 100644
--- a/cli-auth.c
+++ b/cli-auth.c
@@ -236,8 +236,8 @@ void recv_msg_userauth_success() {
 
 void cli_auth_try() {
 
-	TRACE(("enter cli_auth_try"))
 	int finished = 0;
+	TRACE(("enter cli_auth_try"))
 
 	CHECKCLEARTOWRITE();
 	
diff --git a/cli-chansession.c b/cli-chansession.c
index 6d358b7..fee8a22 100644
--- a/cli-chansession.c
+++ b/cli-chansession.c
@@ -162,8 +162,6 @@ void cli_tty_cleanup() {
 
 static void put_termcodes() {
 
-	TRACE(("enter put_termcodes"))
-
 	struct termios tio;
 	unsigned int sshcode;
 	const struct TermCode *termcode;
@@ -172,6 +170,8 @@ static void put_termcodes() {
 
 	unsigned int bufpos1, bufpos2;
 
+	TRACE(("enter put_termcodes"))
+
 	if (tcgetattr(STDIN_FILENO, &tio) == -1) {
 		dropbear_log(LOG_WARNING, "Failed reading termmodes");
 		buf_putint(ses.writepayload, 1); /* Just the terminator */
diff --git a/cli-kex.c b/cli-kex.c
index 40d4e95..ea4a2a5 100644
--- a/cli-kex.c
+++ b/cli-kex.c
@@ -145,6 +145,7 @@ static void checkhostkey(unsigned char* keyblob, unsigned int keybloblen) {
 	FILE *hostsfile = NULL;
 	int readonly = 0;
 	struct passwd *pw = NULL;
+	char * homedir = NULL;
 	unsigned int hostlen, algolen;
 	unsigned long len;
 	const char *algoname = NULL;
@@ -153,41 +154,50 @@ static void checkhostkey(unsigned char* keyblob, unsigned int keybloblen) {
 	
 	pw = getpwuid(getuid());
 
-	if (pw == NULL) {
-		dropbear_exit("Failed to get homedir");
+	if (pw)
+		homedir = pw->pw_dir;
+	}
+	pw = NULL;
+
+	if (!homedir)
+		homedir = getenv("HOME");
 	}
 
-	len = strlen(pw->pw_dir);
-	filename = m_malloc(len + 18); /* "/.ssh/known_hosts" and null-terminator*/
+	if (homedir) {
 
-	snprintf(filename, len+18, "%s/.ssh", pw->pw_dir);
-	/* Check that ~/.ssh exists - easiest way is just to mkdir */
-	if (mkdir(filename, S_IRWXU) != 0) {
-		if (errno != EEXIST) {
-			dropbear_log(LOG_INFO, "Warning: failed creating ~/.ssh: %s",
-					strerror(errno));
-			TRACE(("mkdir didn't work: %s", strerror(errno)))
-			ask_to_confirm(keyblob, keybloblen);
-			goto out; /* only get here on success */
+		len = strlen(homedir);
+		filename = m_malloc(len + 18); /* "/.ssh/known_hosts" and null-terminator*/
+
+		snprintf(filename, len+18, "%s/.ssh", homedir);
+		/* Check that ~/.ssh exists - easiest way is just to mkdir */
+		if (mkdir(filename, S_IRWXU) != 0) {
+			if (errno != EEXIST) {
+				dropbear_log(LOG_INFO, "Warning: failed creating ~/.ssh: %s",
+						strerror(errno));
+				TRACE(("mkdir didn't work: %s", strerror(errno)))
+				ask_to_confirm(keyblob, keybloblen);
+				goto out; /* only get here on success */
+			}
 		}
-	}
 
-	snprintf(filename, len+18, "%s/.ssh/known_hosts", pw->pw_dir);
-	hostsfile = fopen(filename, "a+");
-	
-	if (hostsfile != NULL) {
-		fseek(hostsfile, 0, SEEK_SET);
-	} else {
-		/* We mightn't have been able to open it if it was read-only */
-		if (errno == EACCES || errno == EROFS) {
-				TRACE(("trying readonly: %s", strerror(errno)))
-				readonly = 1;
-				hostsfile = fopen(filename, "r");
+		snprintf(filename, len+18, "%s/.ssh/known_hosts", homedir);
+		hostsfile = fopen(filename, "a+");
+		
+		if (hostsfile != NULL) {
+			fseek(hostsfile, 0, SEEK_SET);
+		} else {
+			/* We mightn't have been able to open it if it was read-only */
+			if (errno == EACCES || errno == EROFS) {
+					TRACE(("trying readonly: %s", strerror(errno)))
+					readonly = 1;
+					hostsfile = fopen(filename, "r");
+			}
 		}
 	}
 
 	if (hostsfile == NULL) {
 		TRACE(("hostsfile didn't open: %s", strerror(errno)))
+		dropbear_log(LOG_WARNING, "Failed to open ~/.ssh/known_hosts");
 		ask_to_confirm(keyblob, keybloblen);
 		goto out; /* We only get here on success */
 	}
diff --git a/common-channel.c b/common-channel.c
index 68d2b48..0be354d 100644
--- a/common-channel.c
+++ b/common-channel.c
@@ -236,7 +236,7 @@ static void checkclose(struct Channel *channel) {
 	TRACE(("checkclose: writefd %d, readfd %d, errfd %d, sentclosed %d, recvclosed %d",
 				channel->writefd, channel->readfd,
 				channel->errfd, channel->sentclosed, channel->recvclosed))
-	TRACE(("writebuf %d extrabuf %s extrabuf %d",
+	TRACE(("writebuf size %d extrabuf ptr 0x%x extrabuf size %d",
 				cbuf_getused(channel->writebuf),
 				channel->writebuf,
 				channel->writebuf ? 0 : cbuf_getused(channel->extrabuf)))
diff --git a/random.c b/random.c
index a395728..09437ed 100644
--- a/random.c
+++ b/random.c
@@ -31,7 +31,8 @@ static int donerandinit = 0;
 
 /* this is used to generate unique output from the same hashpool */
 static uint32_t counter = 0;
-#define MAX_COUNTER 1<<31 /* the max value for the counter, so it won't loop */
+/* the max value for the counter, so it won't integer overflow */
+#define MAX_COUNTER 1<<30 
 
 static unsigned char hashpool[SHA1_HASH_SIZE];
 
@@ -129,7 +130,7 @@ void seedrandom() {
 	hash_state hs;
 
 	/* initialise so that things won't warn about
-     * hashing an undefined buffer */
+	 * hashing an undefined buffer */
 	if (!donerandinit) {
 		m_burn(hashpool, sizeof(hashpool));
 	}
@@ -152,18 +153,17 @@ void seedrandom() {
  * the random pools for fork()ed processes. */
 void reseedrandom() {
 
-    pid_t pid;
-    struct timeval tv;
+	pid_t pid;
+	hash_state hs;
+	struct timeval tv;
 
 	if (!donerandinit) {
 		dropbear_exit("seedrandom not done");
 	}
 
-    pid = getpid();
-    gettimeofday(&tv, NULL);
+	pid = getpid();
+	gettimeofday(&tv, NULL);
 
-	hash_state hs;
-	unsigned char hash[SHA1_HASH_SIZE];
 	sha1_init(&hs);
 	sha1_process(&hs, (void*)hashpool, sizeof(hashpool));
 	sha1_process(&hs, (void*)&pid, sizeof(pid));
diff --git a/svr-auth.c b/svr-auth.c
index f0fca38..d0eba9b 100644
--- a/svr-auth.c
+++ b/svr-auth.c
@@ -315,14 +315,15 @@ void send_msg_userauth_failure(int partial, int incrfail) {
 	buf_setpos(typebuf, 0);
 	buf_putstring(ses.writepayload, buf_getptr(typebuf, typebuf->len),
 			typebuf->len);
+
+	TRACE(("auth fail: methods %d, '%s'", ses.authstate.authtypes,
+				buf_getptr(typebuf, typebuf->len)));
+
 	buf_free(typebuf);
 
 	buf_putbyte(ses.writepayload, partial ? 1 : 0);
 	encrypt_packet();
 
-	TRACE(("auth fail: methods %d, '%s'", ses.authstate.authtypes,
-				buf_getptr(typebuf, typebuf->len)));
-
 	if (incrfail) {
 		usleep(300000); /* XXX improve this */
 		ses.authstate.failcount++;
diff --git a/svr-chansession.c b/svr-chansession.c
index 0916e7e..605bb60 100644
--- a/svr-chansession.c
+++ b/svr-chansession.c
@@ -410,7 +410,7 @@ static int sessionwinchange(struct ChanSess *chansess) {
 	
 	pty_change_window_size(chansess->master, termr, termc, termw, termh);
 
-	return DROPBEAR_FAILURE;
+	return DROPBEAR_SUCCESS;
 }
 
 static void get_termmodes(struct ChanSess *chansess) {
diff --git a/svr-main.c b/svr-main.c
index e06eb5e..e00de6b 100644
--- a/svr-main.c
+++ b/svr-main.c
@@ -28,6 +28,7 @@
 #include "buffer.h"
 #include "signkey.h"
 #include "runopts.h"
+#include "random.h"
 
 static size_t listensockets(int *sock, size_t sockcount, int *maxfd);
 static void sigchld_handler(int dummy);