New upstream release (7.5p1)

1 files changed, 17 insertions, 16 deletions

diff --git a/servconf.c b/servconf.c
index 202c45066..1a7a5f182 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1,5 +1,5 @@
 
-/* $OpenBSD: servconf.c,v 1.301 2016/11/30 03:00:05 djm Exp $ */
+/* $OpenBSD: servconf.c,v 1.306 2017/03/14 07:19:07 djm Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  *                    All rights reserved
@@ -553,7 +553,7 @@ static struct {
         { "clientalivecountmax", sClientAliveCountMax, SSHCFG_ALL },
         { "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_ALL },
         { "authorizedkeysfile2", sDeprecated, SSHCFG_ALL },
-        { "useprivilegeseparation", sUsePrivilegeSeparation, SSHCFG_GLOBAL},
+        { "useprivilegeseparation", sDeprecated, SSHCFG_GLOBAL},
         { "acceptenv", sAcceptEnv, SSHCFG_ALL },
         { "permittunnel", sPermitTunnel, SSHCFG_ALL },
         { "permittty", sPermitTTY, SSHCFG_ALL },
@@ -985,6 +985,15 @@ process_server_config_line(ServerOptions *options, char *line,
         long long val64;
         const struct multistate *multistate_ptr;
 
+        /* Strip trailing whitespace. Allow \f (form feed) at EOL only */
+        if ((len = strlen(line)) == 0)
+                return 0;
+        for (len--; len > 0; len--) {
+                if (strchr(WHITESPACE "\f", line[len]) == NULL)
+                        break;
+                line[len] = '\0';
+        }
+
         cp = line;
         if ((arg = strdelim(&cp)) == NULL)
                 return 0;
@@ -1187,7 +1196,8 @@ process_server_config_line(ServerOptions *options, char *line,
                 if (!arg || *arg == '\0')
                         fatal("%s line %d: Missing argument.",
                             filename, linenum);
-                if (!sshkey_names_valid2(*arg == '+' ? arg + 1 : arg, 1))
+                if (*arg != '-' &&
+                    !sshkey_names_valid2(*arg == '+' ? arg + 1 : arg, 1))
                         fatal("%s line %d: Bad key types '%s'.",
                             filename, linenum, arg ? arg : "<NONE>");
                 if (*activep && *charptr == NULL)
@@ -1391,11 +1401,6 @@ process_server_config_line(ServerOptions *options, char *line,
                 intptr = &options->disable_forwarding;
                 goto parse_flag;
 
-        case sUsePrivilegeSeparation:
-                intptr = &use_privsep;
-                multistate_ptr = multistate_privsep;
-                goto parse_multistate;
-
         case sAllowUsers:
                 while ((arg = strdelim(&cp)) && *arg != '\0') {
                         if (options->num_allow_users >= MAX_ALLOW_USERS)
@@ -1454,7 +1459,7 @@ process_server_config_line(ServerOptions *options, char *line,
                 arg = strdelim(&cp);
                 if (!arg || *arg == '\0')
                         fatal("%s line %d: Missing argument.", filename, linenum);
-                if (!ciphers_valid(*arg == '+' ? arg + 1 : arg))
+                if (*arg != '-' && !ciphers_valid(*arg == '+' ? arg + 1 : arg))
                         fatal("%s line %d: Bad SSH2 cipher spec '%s'.",
                             filename, linenum, arg ? arg : "<NONE>");
                 if (options->ciphers == NULL)
@@ -1465,7 +1470,7 @@ process_server_config_line(ServerOptions *options, char *line,
                 arg = strdelim(&cp);
                 if (!arg || *arg == '\0')
                         fatal("%s line %d: Missing argument.", filename, linenum);
-                if (!mac_valid(*arg == '+' ? arg + 1 : arg))
+                if (*arg != '-' && !mac_valid(*arg == '+' ? arg + 1 : arg))
                         fatal("%s line %d: Bad SSH2 mac spec '%s'.",
                             filename, linenum, arg ? arg : "<NONE>");
                 if (options->macs == NULL)
@@ -1477,7 +1482,8 @@ process_server_config_line(ServerOptions *options, char *line,
                 if (!arg || *arg == '\0')
                         fatal("%s line %d: Missing argument.",
                             filename, linenum);
-                if (!kex_names_valid(*arg == '+' ? arg + 1 : arg))
+                if (*arg != '-' &&
+                    !kex_names_valid(*arg == '+' ? arg + 1 : arg))
                         fatal("%s line %d: Bad SSH2 KexAlgorithms '%s'.",
                             filename, linenum, arg ? arg : "<NONE>");
                 if (options->kex_algorithms == NULL)
@@ -2127,8 +2133,6 @@ fmt_intarg(ServerOpCodes code, int val)
                 return fmt_multistate_int(val, multistate_gatewayports);
         case sCompression:
                 return fmt_multistate_int(val, multistate_compression);
-        case sUsePrivilegeSeparation:
-                return fmt_multistate_int(val, multistate_privsep);
         case sAllowTcpForwarding:
                 return fmt_multistate_int(val, multistate_tcpfwd);
         case sAllowStreamLocalForwarding:
@@ -2179,8 +2183,6 @@ dump_cfg_fmtint(ServerOpCodes code, int val)
 static void
 dump_cfg_string(ServerOpCodes code, const char *val)
 {
-        if (val == NULL)
-                return;
         printf("%s %s\n", lookup_opcode_name(code),
             val == NULL ? "none" : val);
 }
@@ -2309,7 +2311,6 @@ dump_config(ServerOptions *o)
         dump_cfg_fmtint(sDisableForwarding, o->disable_forwarding);
         dump_cfg_fmtint(sAllowStreamLocalForwarding, o->allow_streamlocal_forwarding);
         dump_cfg_fmtint(sStreamLocalBindUnlink, o->fwd_opts.streamlocal_bind_unlink);
-        dump_cfg_fmtint(sUsePrivilegeSeparation, use_privsep);
         dump_cfg_fmtint(sFingerprintHash, o->fingerprint_hash);
 
         /* string arguments */