Import openssh_7.9p1.orig.tar.gz

1 files changed, 39 insertions, 9 deletions

diff --git a/readconf.c b/readconf.c
index db5f2d547..433811521 100644
--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.297 2018/08/12 20:19:13 djm Exp $ */
+/* $OpenBSD: readconf.c,v 1.300 2018/10/05 14:26:09 naddy Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -172,7 +172,7 @@ typedef enum {
         oCanonicalizeFallbackLocal, oCanonicalizePermittedCNAMEs,
         oStreamLocalBindMask, oStreamLocalBindUnlink, oRevokedHostKeys,
         oFingerprintHash, oUpdateHostkeys, oHostbasedKeyTypes,
-        oPubkeyAcceptedKeyTypes, oProxyJump,
+        oPubkeyAcceptedKeyTypes, oCASignatureAlgorithms, oProxyJump,
         oIgnore, oIgnoredUnknownOption, oDeprecated, oUnsupported
 } OpCodes;
 
@@ -266,6 +266,7 @@ static struct {
         { "dynamicforward", oDynamicForward },
         { "preferredauthentications", oPreferredAuthentications },
         { "hostkeyalgorithms", oHostKeyAlgorithms },
+        { "casignaturealgorithms", oCASignatureAlgorithms },
         { "bindaddress", oBindAddress },
         { "bindinterface", oBindInterface },
         { "clearallforwardings", oClearAllForwardings },
@@ -1157,7 +1158,20 @@ parse_command:
                 return 0;
 
         case oPort:
-                intptr = &options->port;
+                arg = strdelim(&s);
+                if (!arg || *arg == '\0')
+                        fatal("%.200s line %d: Missing argument.",
+                            filename, linenum);
+                value = a2port(arg);
+                if (value <= 0)
+                        fatal("%.200s line %d: Bad port '%s'.",
+                            filename, linenum, arg);
+                if (*activep && options->port == -1)
+                        options->port = value;
+                break;
+
+        case oConnectionAttempts:
+                intptr = &options->connection_attempts;
 parse_int:
                 arg = strdelim(&s);
                 if ((errstr = atoi_err(arg, &value)) != NULL)
@@ -1167,10 +1181,6 @@ parse_int:
                         *intptr = value;
                 break;
 
-        case oConnectionAttempts:
-                intptr = &options->connection_attempts;
-                goto parse_int;
-
         case oCiphers:
                 arg = strdelim(&s);
                 if (!arg || *arg == '\0')
@@ -1221,6 +1231,10 @@ parse_keytypes:
                         *charptr = xstrdup(arg);
                 break;
 
+        case oCASignatureAlgorithms:
+                charptr = &options->ca_sign_algorithms;
+                goto parse_keytypes;
+
         case oLogLevel:
                 log_level_ptr = &options->log_level;
                 arg = strdelim(&s);
@@ -1695,7 +1709,18 @@ parse_keytypes:
 
         case oIdentityAgent:
                 charptr = &options->identity_agent;
-                goto parse_string;
+                arg = strdelim(&s);
+                if (!arg || *arg == '\0')
+                        fatal("%.200s line %d: Missing argument.",
+                            filename, linenum);
+                /* Extra validation if the string represents an env var. */
+                if (arg[0] == '$' && !valid_env_name(arg + 1)) {
+                        fatal("%.200s line %d: Invalid environment name %s.",
+                            filename, linenum, arg);
+                }
+                if (*activep && *charptr == NULL)
+                        *charptr = xstrdup(arg);
+                break;
 
         case oDeprecated:
                 debug("%s line %d: Deprecated option \"%s\"",
@@ -1836,6 +1861,7 @@ initialize_options(Options * options)
         options->macs = NULL;
         options->kex_algorithms = NULL;
         options->hostkeyalgorithms = NULL;
+        options->ca_sign_algorithms = NULL;
         options->num_identity_files = 0;
         options->num_certificate_files = 0;
         options->hostname = NULL;
@@ -1924,7 +1950,7 @@ fill_default_options_for_canonicalization(Options *options)
 void
 fill_default_options(Options * options)
 {
-        char *all_cipher, *all_mac, *all_kex, *all_key;
+        char *all_cipher, *all_mac, *all_kex, *all_key, *all_sig;
         int r;
 
         if (options->forward_agent == -1)
@@ -2077,6 +2103,7 @@ fill_default_options(Options * options)
         all_mac = mac_alg_list(',');
         all_kex = kex_alg_list(',');
         all_key = sshkey_alg_list(0, 0, 1, ',');
+        all_sig = sshkey_alg_list(0, 1, 1, ',');
 #define ASSEMBLE(what, defaults, all) \
         do { \
                 if ((r = kex_assemble_names(&options->what, \
@@ -2088,11 +2115,13 @@ fill_default_options(Options * options)
         ASSEMBLE(kex_algorithms, KEX_SERVER_KEX, all_kex);
         ASSEMBLE(hostbased_key_types, KEX_DEFAULT_PK_ALG, all_key);
         ASSEMBLE(pubkey_key_types, KEX_DEFAULT_PK_ALG, all_key);
+        ASSEMBLE(ca_sign_algorithms, SSH_ALLOWED_CA_SIGALGS, all_sig);
 #undef ASSEMBLE
         free(all_cipher);
         free(all_mac);
         free(all_kex);
         free(all_key);
+        free(all_sig);
 
 #define CLEAR_ON_NONE(v) \
         do { \
@@ -2614,6 +2643,7 @@ dump_client_config(Options *o, const char *host)
         dump_cfg_string(oIgnoreUnknown, o->ignored_unknown);
         dump_cfg_string(oKbdInteractiveDevices, o->kbd_interactive_devices);
         dump_cfg_string(oKexAlgorithms, o->kex_algorithms ? o->kex_algorithms : KEX_CLIENT_KEX);
+        dump_cfg_string(oCASignatureAlgorithms, o->ca_sign_algorithms ? o->ca_sign_algorithms : SSH_ALLOWED_CA_SIGALGS);
         dump_cfg_string(oLocalCommand, o->local_command);
         dump_cfg_string(oRemoteCommand, o->remote_command);
         dump_cfg_string(oLogLevel, log_level_name(o->log_level));