upstream commit

support =- for removing methods from algorithms lists, e.g. Ciphers=-*cbc; suggested by Cristian Ionescu-Idbohrn in bz#2671 "I like it" markus@ Upstream-ID: c78c38f9f81a963b33d0eade559f6048add24a6d
author: djm@openbsd.org <djm@openbsd.org> 2017-02-03 23:01:19 +0000
committer: Damien Miller <djm@mindrot.org> 2017-02-04 10:08:15 +1100
commit: 68bc8cfa7642d3ccbf2cd64281c16b8b9205be59 (patch)
tree: 4b2ddc75ee7ac985570c4e85c37abfd8f7be4f47 /servconf.c
parent: c924b2ef941028a1f31e6e94f54dfeeeef462a4e (diff)
1 files changed, 7 insertions, 5 deletions
diff --git a/servconf.c b/servconf.c
index 1880b8cfd..2f8e29d4c 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1,5 +1,5 @@
-/* $OpenBSD: servconf.c,v 1.303 2017/02/03 05:05:56 djm Exp $ */
+/* $OpenBSD: servconf.c,v 1.304 2017/02/03 23:01:19 djm Exp $ */
 /*
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 *                    All rights reserved
@@ -1177,7 +1177,8 @@ process_server_config_line(ServerOptions *options, char *line,
                if (!arg || *arg == '\0')
                        fatal("%s line %d: Missing argument.",
                            filename, linenum);
-                if (!sshkey_names_valid2(*arg == '+' ? arg + 1 : arg, 1))
+                if (*arg != '-' &&
+                    !sshkey_names_valid2(*arg == '+' ? arg + 1 : arg, 1))
                        fatal("%s line %d: Bad key types '%s'.",
                            filename, linenum, arg ? arg : "<NONE>");
                if (*activep && *charptr == NULL)
@@ -1436,7 +1437,7 @@ process_server_config_line(ServerOptions *options, char *line,
                arg = strdelim(&cp);
                if (!arg || *arg == '\0')
                        fatal("%s line %d: Missing argument.", filename, linenum);
-                if (!ciphers_valid(*arg == '+' ? arg + 1 : arg))
+                if (*arg != '-' && !ciphers_valid(*arg == '+' ? arg + 1 : arg))
                        fatal("%s line %d: Bad SSH2 cipher spec '%s'.",
                            filename, linenum, arg ? arg : "<NONE>");
                if (options->ciphers == NULL)
@@ -1447,7 +1448,7 @@ process_server_config_line(ServerOptions *options, char *line,
                arg = strdelim(&cp);
                if (!arg || *arg == '\0')
                        fatal("%s line %d: Missing argument.", filename, linenum);
-                if (!mac_valid(*arg == '+' ? arg + 1 : arg))
+                if (*arg != '-' && !mac_valid(*arg == '+' ? arg + 1 : arg))
                        fatal("%s line %d: Bad SSH2 mac spec '%s'.",
                            filename, linenum, arg ? arg : "<NONE>");
                if (options->macs == NULL)
@@ -1459,7 +1460,8 @@ process_server_config_line(ServerOptions *options, char *line,
                if (!arg || *arg == '\0')
                        fatal("%s line %d: Missing argument.",
                            filename, linenum);
-                if (!kex_names_valid(*arg == '+' ? arg + 1 : arg))
+                if (*arg != '-' &&
+                    !kex_names_valid(*arg == '+' ? arg + 1 : arg))
                        fatal("%s line %d: Bad SSH2 KexAlgorithms '%s'.",
                            filename, linenum, arg ? arg : "<NONE>");
                if (options->kex_algorithms == NULL)
author	djm@openbsd.org <djm@openbsd.org>	2017-02-03 23:01:19 +0000
committer	Damien Miller <djm@mindrot.org>	2017-02-04 10:08:15 +1100
commit	68bc8cfa7642d3ccbf2cd64281c16b8b9205be59 (patch)
tree	4b2ddc75ee7ac985570c4e85c37abfd8f7be4f47 /servconf.c
parent	c924b2ef941028a1f31e6e94f54dfeeeef462a4e (diff)