1 files changed, 13 insertions, 12 deletions
diff --git a/readconf.c b/readconf.c
index f1c860b9c..1d03bdf72 100644
--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.238 2015/07/10 06:21:53 markus Exp $ */
+/* $OpenBSD: readconf.c,v 1.239 2015/07/30 00:01:34 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1086,7 +1086,7 @@ parse_int:
                arg = strdelim(&s);
                if (!arg || *arg == '\0')
                        fatal("%.200s line %d: Missing argument.", filename, linenum);
-                if (!ciphers_valid(arg))
+                if (!ciphers_valid(*arg == '+' ? arg + 1 : arg))
                        fatal("%.200s line %d: Bad SSH2 cipher spec '%s'.",
                            filename, linenum, arg ? arg : "<NONE>");
                if (*activep && options->ciphers == NULL)
@@ -1097,7 +1097,7 @@ parse_int:
                arg = strdelim(&s);
                if (!arg || *arg == '\0')
                        fatal("%.200s line %d: Missing argument.", filename, linenum);
-                if (!mac_valid(arg))
+                if (!mac_valid(*arg == '+' ? arg + 1 : arg))
                        fatal("%.200s line %d: Bad SSH2 Mac spec '%s'.",
                            filename, linenum, arg ? arg : "<NONE>");
                if (*activep && options->macs == NULL)
@@ -1109,7 +1109,7 @@ parse_int:
                if (!arg || *arg == '\0')
                        fatal("%.200s line %d: Missing argument.",
                            filename, linenum);
-                if (!kex_names_valid(arg))
+                if (!kex_names_valid(*arg == '+' ? arg + 1 : arg))
                        fatal("%.200s line %d: Bad SSH2 KexAlgorithms '%s'.",
                            filename, linenum, arg ? arg : "<NONE>");
                if (*activep && options->kex_algorithms == NULL)
@@ -1123,7 +1123,7 @@ parse_keytypes:
                if (!arg || *arg == '\0')
                        fatal("%.200s line %d: Missing argument.",
                            filename, linenum);
-                if (!sshkey_names_valid2(arg, 1))
+                if (!sshkey_names_valid2(*arg == '+' ? arg + 1 : arg, 1))
                        fatal("%s line %d: Bad key types '%s'.",
                                filename, linenum, arg ? arg : "<NONE>");
                if (*activep && *charptr == NULL)
@@ -1762,9 +1762,6 @@ fill_default_options(Options * options)
        /* Selected in ssh_login(). */
        if (options->cipher == -1)
                options->cipher = SSH_CIPHER_NOT_SET;
-        /* options->ciphers, default set in myproposals.h */
-        /* options->macs, default set in myproposals.h */
-        /* options->kex_algorithms, default set in myproposals.h */
        /* options->hostkeyalgorithms, default set in myproposals.h */
        if (options->protocol == SSH_PROTO_UNKNOWN)
                options->protocol = SSH_PROTO_2;
@@ -1858,10 +1855,14 @@ fill_default_options(Options * options)
                options->fingerprint_hash = SSH_FP_HASH_DEFAULT;
        if (options->update_hostkeys == -1)
                options->update_hostkeys = 0;
-        if (options->hostbased_key_types == NULL)
+        if (kex_assemble_names(KEX_CLIENT_ENCRYPT, &options->ciphers) != 0 ||
-                options->hostbased_key_types = xstrdup(KEX_DEFAULT_PK_ALG);
+            kex_assemble_names(KEX_CLIENT_MAC, &options->macs) != 0 ||
-        if (options->pubkey_key_types == NULL)
+            kex_assemble_names(KEX_CLIENT_KEX, &options->kex_algorithms) != 0 ||
-                options->pubkey_key_types = xstrdup(KEX_DEFAULT_PK_ALG);
+            kex_assemble_names(KEX_DEFAULT_PK_ALG,
+            &options->hostbased_key_types) != 0 ||
+            kex_assemble_names(KEX_DEFAULT_PK_ALG,
+            &options->pubkey_key_types) != 0)
+                fatal("%s: kex_assemble_names failed", __func__);
 #define CLEAR_ON_NONE(v) \
        do { \