=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/compat.c,v retrieving revision 1.112 retrieving revision 1.113 diff -u -r1.112 -r1.113 --- src/usr.bin/ssh/compat.c 2018/07/31 03:07:24 1.112 +++ src/usr.bin/ssh/compat.c 2018/08/13 02:41:05 1.113 @@ -1,4 +1,4 @@ -/* $OpenBSD: compat.c,v 1.112 2018/07/31 03:07:24 djm Exp $ */ +/* $OpenBSD: compat.c,v 1.113 2018/08/13 02:41:05 djm Exp $ */ /* * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved. * @@ -182,17 +182,13 @@ } char * -compat_cipher_proposal(char *cipher_prop, u_int compat) +compat_cipher_proposal(char *cipher_prop) { - char *cp; - - if (!(compat & SSH_BUG_BIGENDIANAES)) + if (!(datafellows & SSH_BUG_BIGENDIANAES)) return cipher_prop; debug2("%s: original cipher proposal: %s", __func__, cipher_prop); - if ((cp = match_filter_blacklist(cipher_prop, "aes*")) == NULL) + if ((cipher_prop = match_filter_blacklist(cipher_prop, "aes*")) == NULL) fatal("match_filter_blacklist failed"); - free(cipher_prop); - cipher_prop = cp; debug2("%s: compat cipher proposal: %s", __func__, cipher_prop); if (*cipher_prop == '\0') fatal("No supported ciphers found"); @@ -200,17 +196,13 @@ } char * -compat_pkalg_proposal(char *pkalg_prop, u_int compat) +compat_pkalg_proposal(char *pkalg_prop) { - char *cp; - - if (!(compat & SSH_BUG_RSASIGMD5)) + if (!(datafellows & SSH_BUG_RSASIGMD5)) return pkalg_prop; debug2("%s: original public key proposal: %s", __func__, pkalg_prop); - if ((cp = match_filter_blacklist(pkalg_prop, "ssh-rsa")) == NULL) + if ((pkalg_prop = match_filter_blacklist(pkalg_prop, "ssh-rsa")) == NULL) fatal("match_filter_blacklist failed"); - free(pkalg_prop); - pkalg_prop = cp; debug2("%s: compat public key proposal: %s", __func__, pkalg_prop); if (*pkalg_prop == '\0') fatal("No supported PK algorithms found"); @@ -218,31 +210,24 @@ } char * -compat_kex_proposal(char *kex_prop, u_int compat) +compat_kex_proposal(char *p) { - char *cp; - - if ((compat & (SSH_BUG_CURVE25519PAD|SSH_OLD_DHGEX)) == 0) - return kex_prop; - debug2("%s: original KEX proposal: %s", __func__, kex_prop); - if ((compat & SSH_BUG_CURVE25519PAD) != 0) { - if ((cp = match_filter_blacklist(kex_prop, + if ((datafellows & (SSH_BUG_CURVE25519PAD|SSH_OLD_DHGEX)) == 0) + return p; + debug2("%s: original KEX proposal: %s", __func__, p); + if ((datafellows & SSH_BUG_CURVE25519PAD) != 0) + if ((p = match_filter_blacklist(p, "curve25519-sha256@libssh.org")) == NULL) fatal("match_filter_blacklist failed"); - free(kex_prop); - kex_prop = cp; - } - if ((compat & SSH_OLD_DHGEX) != 0) { - if ((cp = match_filter_blacklist(kex_prop, + if ((datafellows & SSH_OLD_DHGEX) != 0) { + if ((p = match_filter_blacklist(p, "diffie-hellman-group-exchange-sha256," "diffie-hellman-group-exchange-sha1")) == NULL) fatal("match_filter_blacklist failed"); - free(kex_prop); - kex_prop = cp; } - debug2("%s: compat KEX proposal: %s", __func__, kex_prop); - if (*kex_prop == '\0') + debug2("%s: compat KEX proposal: %s", __func__, p); + if (*p == '\0') fatal("No supported key exchange algorithms found"); - return kex_prop; + return p; }