
Bug#1091820: corrected patch




Oops, sorry; the patch I included earlier was reversed. :/ Here's the correct version.

--
  Richard

diff --git a/kex.c b/kex.c
index db6717e9..6f06a4f7 100644
--- a/kex.c
+++ b/kex.c
@@ -378,14 +378,25 @@ kex_proposal_populate_entries(struct ssh *ssh, char *prop[PROPOSAL_MAX],
 	const char *defpropclient[PROPOSAL_MAX] = { KEX_CLIENT };
 	const char **defprop = ssh->kex->server ? defpropserver : defpropclient;
 	u_int i;
-	char *cp;
+	char *cp, *hkalgs_prop;

 	if (prop == NULL)
 		fatal_f("proposal missing");

-	/* Append EXT_INFO signalling to KexAlgorithms */
+	/* our hostkey algorithm proposal */
+	hkalgs_prop = xstrdup(hkalgs ? hkalgs : defprop[PROPOSAL_SERVER_HOST_KEY_ALGS]);
+
+	/*
+	 * If we don't have a hostkey (sshd_config "HostKey none" =>
+	 * hkalgs_prop list is empty), there's no point in including
+	 * the default kex algorithms; start with the empty list
+	 * instead. GSSAPI code will later add the dynamically
+	 * determined gss-* algorithms.
+	 */
 	if (kexalgos == NULL)
-		kexalgos = defprop[PROPOSAL_KEX_ALGS];
+		kexalgos = strlen(hkalgs_prop) == 0 ? "" : defprop[PROPOSAL_KEX_ALGS];
+
+	/* Append feature signalling to KexAlgorithms. */
 	if ((cp = kex_names_cat(kexalgos, ssh->kex->server ?
 	    "ext-info-s,kex-strict-s-v00@openssh.com" :
 	    "ext-info-c,kex-strict-c-v00@openssh.com")) == NULL)
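Review bot: The empty-list fallback in `kexalgos = strlen(hkalgs_prop) == 0 ? "" : defprop[PROPOSAL_KEX_ALGS];` only runs when `kexalgos == NULL`, whereas the sshd.c check removed by this patch dropped the non-GSS algorithms whenever the host key list was empty. If the server passes an already assembled, non-NULL KexAlgorithms string (the call site is not visible here), a "HostKey none" server would still advertise key exchanges that need a host key. Testing the host key list on its own, with `if (strlen(hkalgs_prop) == 0) kexalgos = "";` placed before the existing NULL check, would keep the old behaviour. The new comment describes only the sshd_config case, but the check is not gated on `ssh->kex->server`, so confirm that the client path can never reach it with an empty list. The function body and the `if` on `kex_names_cat()` continue outside the hunk.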
@@ -409,7 +420,7 @@ kex_proposal_populate_entries(struct ssh *ssh, char *prop[PROPOSAL_MAX],
 			prop[i] = xstrdup(comp ? comp : defprop[i]);
 			break;
 		case PROPOSAL_SERVER_HOST_KEY_ALGS:
-			prop[i] = xstrdup(hkalgs ? hkalgs : defprop[i]);
+			prop[i] = hkalgs_prop;
 			break;
 		default:
 			prop[i] = xstrdup(defprop[i]);
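Review bot: `prop[i] = hkalgs_prop;` hands over a buffer that was allocated before the `kex_names_cat()` call, so every exit between the allocation and this assignment must either be fatal or free it. The error handling after `kex_names_cat()` is not part of this diff, so that is worth confirming. A short comment such as `/* ownership of hkalgs_prop moves to prop[] */` would make the transfer explicit for the next reader. The loop and switch start outside the hunk.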
diff --git a/sshd.c b/sshd.c
index 6dfa5fff..625c1f32 100644
--- a/sshd.c
+++ b/sshd.c
@@ -2505,14 +2505,6 @@ do_ssh2_kex(struct ssh *ssh)
 	char *newstr = NULL;
 	orig = myproposal[PROPOSAL_KEX_ALGS];

-	/*
-	 * If we don't have a host key, then there's no point advertising
-	 * the other key exchange algorithms
-	 */
-
-	if (strlen(myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS]) == 0)
-		orig = NULL;
-
 	if (options.gss_keyex)
 		gss = ssh_gssapi_server_mechanisms();
 	else
@@ -2531,7 +2523,7 @@ do_ssh2_kex(struct ssh *ssh)
 	 * host key algorithm we support
 	 */
 	if (gss && (strlen(myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS])) == 0)
-		myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = "null";
+		myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = xstrdup("null");

 	if (newstr)
 		myproposal[PROPOSAL_KEX_ALGS] = newstr;
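Review bot: The assignment `myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = xstrdup("null");` replaces the previous entry without releasing it. Assuming myproposal was filled by kex_proposal_populate_entries(), which per the kex.c hunks stores xstrdup()'d strings, the empty host key string is leaked. Adding `free(myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS]);` before the assignment would avoid that. The same question applies to `myproposal[PROPOSAL_KEX_ALGS] = newstr;` on the context line below, depending on whether `orig` is freed in the part of do_ssh2_kex outside this hunk.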

