diff options
author | djm@openbsd.org <djm@openbsd.org> | 2017-02-03 23:01:19 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2017-02-04 10:08:15 +1100 |
commit | 68bc8cfa7642d3ccbf2cd64281c16b8b9205be59 (patch) | |
tree | 4b2ddc75ee7ac985570c4e85c37abfd8f7be4f47 /servconf.c | |
parent | c924b2ef941028a1f31e6e94f54dfeeeef462a4e (diff) |
upstream commit
support =- for removing methods from algorithms lists,
e.g. Ciphers=-*cbc; suggested by Cristian Ionescu-Idbohrn in bz#2671 "I like
it" markus@
Upstream-ID: c78c38f9f81a963b33d0eade559f6048add24a6d
Diffstat (limited to 'servconf.c')
-rw-r--r-- | servconf.c | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/servconf.c b/servconf.c index 1880b8cfd..2f8e29d4c 100644 --- a/servconf.c +++ b/servconf.c | |||
@@ -1,5 +1,5 @@ | |||
1 | 1 | ||
2 | /* $OpenBSD: servconf.c,v 1.303 2017/02/03 05:05:56 djm Exp $ */ | 2 | /* $OpenBSD: servconf.c,v 1.304 2017/02/03 23:01:19 djm Exp $ */ |
3 | /* | 3 | /* |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
5 | * All rights reserved | 5 | * All rights reserved |
@@ -1177,7 +1177,8 @@ process_server_config_line(ServerOptions *options, char *line, | |||
1177 | if (!arg || *arg == '\0') | 1177 | if (!arg || *arg == '\0') |
1178 | fatal("%s line %d: Missing argument.", | 1178 | fatal("%s line %d: Missing argument.", |
1179 | filename, linenum); | 1179 | filename, linenum); |
1180 | if (!sshkey_names_valid2(*arg == '+' ? arg + 1 : arg, 1)) | 1180 | if (*arg != '-' && |
1181 | !sshkey_names_valid2(*arg == '+' ? arg + 1 : arg, 1)) | ||
1181 | fatal("%s line %d: Bad key types '%s'.", | 1182 | fatal("%s line %d: Bad key types '%s'.", |
1182 | filename, linenum, arg ? arg : "<NONE>"); | 1183 | filename, linenum, arg ? arg : "<NONE>"); |
1183 | if (*activep && *charptr == NULL) | 1184 | if (*activep && *charptr == NULL) |
@@ -1436,7 +1437,7 @@ process_server_config_line(ServerOptions *options, char *line, | |||
1436 | arg = strdelim(&cp); | 1437 | arg = strdelim(&cp); |
1437 | if (!arg || *arg == '\0') | 1438 | if (!arg || *arg == '\0') |
1438 | fatal("%s line %d: Missing argument.", filename, linenum); | 1439 | fatal("%s line %d: Missing argument.", filename, linenum); |
1439 | if (!ciphers_valid(*arg == '+' ? arg + 1 : arg)) | 1440 | if (*arg != '-' && !ciphers_valid(*arg == '+' ? arg + 1 : arg)) |
1440 | fatal("%s line %d: Bad SSH2 cipher spec '%s'.", | 1441 | fatal("%s line %d: Bad SSH2 cipher spec '%s'.", |
1441 | filename, linenum, arg ? arg : "<NONE>"); | 1442 | filename, linenum, arg ? arg : "<NONE>"); |
1442 | if (options->ciphers == NULL) | 1443 | if (options->ciphers == NULL) |
@@ -1447,7 +1448,7 @@ process_server_config_line(ServerOptions *options, char *line, | |||
1447 | arg = strdelim(&cp); | 1448 | arg = strdelim(&cp); |
1448 | if (!arg || *arg == '\0') | 1449 | if (!arg || *arg == '\0') |
1449 | fatal("%s line %d: Missing argument.", filename, linenum); | 1450 | fatal("%s line %d: Missing argument.", filename, linenum); |
1450 | if (!mac_valid(*arg == '+' ? arg + 1 : arg)) | 1451 | if (*arg != '-' && !mac_valid(*arg == '+' ? arg + 1 : arg)) |
1451 | fatal("%s line %d: Bad SSH2 mac spec '%s'.", | 1452 | fatal("%s line %d: Bad SSH2 mac spec '%s'.", |
1452 | filename, linenum, arg ? arg : "<NONE>"); | 1453 | filename, linenum, arg ? arg : "<NONE>"); |
1453 | if (options->macs == NULL) | 1454 | if (options->macs == NULL) |
@@ -1459,7 +1460,8 @@ process_server_config_line(ServerOptions *options, char *line, | |||
1459 | if (!arg || *arg == '\0') | 1460 | if (!arg || *arg == '\0') |
1460 | fatal("%s line %d: Missing argument.", | 1461 | fatal("%s line %d: Missing argument.", |
1461 | filename, linenum); | 1462 | filename, linenum); |
1462 | if (!kex_names_valid(*arg == '+' ? arg + 1 : arg)) | 1463 | if (*arg != '-' && |
1464 | !kex_names_valid(*arg == '+' ? arg + 1 : arg)) | ||
1463 | fatal("%s line %d: Bad SSH2 KexAlgorithms '%s'.", | 1465 | fatal("%s line %d: Bad SSH2 KexAlgorithms '%s'.", |
1464 | filename, linenum, arg ? arg : "<NONE>"); | 1466 | filename, linenum, arg ? arg : "<NONE>"); |
1465 | if (options->kex_algorithms == NULL) | 1467 | if (options->kex_algorithms == NULL) |