Oops, sorry; the patch I included earlier was reversed. :/ Here's the correct
version.
--
Richard
diff --git a/kex.c b/kex.c
index db6717e9..6f06a4f7 100644
--- a/kex.c
+++ b/kex.c
@@ -378,14 +378,25 @@ kex_proposal_populate_entries(struct ssh *ssh, char
*prop[PROPOSAL_MAX],
const char *defpropclient[PROPOSAL_MAX] = { KEX_CLIENT };
const char **defprop = ssh->kex->server ? defpropserver : defpropclient;
u_int i;
- char *cp;
+ char *cp, *hkalgs_prop;
if (prop == NULL)
fatal_f("proposal missing");
- /* Append EXT_INFO signalling to KexAlgorithms */
+ /* our hostkey algorithm proposal */
+ hkalgs_prop = xstrdup(hkalgs ? hkalgs :
defprop[PROPOSAL_SERVER_HOST_KEY_ALGS]);
+
+ /*
+ * If we don't have a hostkey (sshd_config "HostKey none" =>
+ * hkalgs_prop list is empty), there's no point in including
+ * the default kex algorithms; start with the empty list
+ * instead. GSSAPI code will later add the dynamically
+ * determined gss-* algorithms.
+ */
if (kexalgos == NULL)
- kexalgos = defprop[PROPOSAL_KEX_ALGS];
+ kexalgos = strlen(hkalgs_prop) == 0 ? "" :
defprop[PROPOSAL_KEX_ALGS];
+
+ /* Append feature signalling to KexAlgorithms. */
if ((cp = kex_names_cat(kexalgos, ssh->kex->server ?
"ext-info-s,kex-strict-s-...@openssh.com" :
"ext-info-c,kex-strict-c-...@openssh.com")) == NULL)
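Review bot: The empty-list fallback at `if (kexalgos == NULL)` only takes effect when the caller passes no KexAlgorithms list, so it does not fully replace the host-key check this patch removes from do_ssh2_kex() in sshd.c. If sshd passes its configured or default-expanded list (the call site is not visible here), a server running with "HostKey none" would now advertise the non-GSS key exchange methods alongside the gss-* ones. Consider making the test independent of where kexalgos came from, e.g. `if (*hkalgs_prop == '\0') kexalgos = ""; else if (kexalgos == NULL) kexalgos = defprop[PROPOSAL_KEX_ALGS];`. It may also be worth restricting this to `ssh->kex->server`, since the function builds the client proposal as well. The function body continues outside the hunk.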
@@ -409,7 +420,7 @@ kex_proposal_populate_entries(struct ssh *ssh, char
*prop[PROPOSAL_MAX],
prop[i] = xstrdup(comp ? comp : defprop[i]);
break;
case PROPOSAL_SERVER_HOST_KEY_ALGS:
- prop[i] = xstrdup(hkalgs ? hkalgs : defprop[i]);
+ prop[i] = hkalgs_prop;
break;
default:
prop[i] = xstrdup(defprop[i]);
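Review bot: `prop[i] = hkalgs_prop;` hands the string allocated near the top of the function to the proposal array, but nothing at this line says so. A short comment such as `/* ownership of hkalgs_prop passes to prop[] */` would make it clear that the string must not be freed separately, and that it would leak if this case were ever skipped. The loop and switch begin and end outside the hunk.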
diff --git a/sshd.c b/sshd.c
index 6dfa5fff..625c1f32 100644
--- a/sshd.c
+++ b/sshd.c
@@ -2505,14 +2505,6 @@ do_ssh2_kex(struct ssh *ssh)
char *newstr = NULL;
orig = myproposal[PROPOSAL_KEX_ALGS];
- /*
- * If we don't have a host key, then there's no point advertising
- * the other key exchange algorithms
- */
-
- if (strlen(myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS]) == 0)
- orig = NULL;
-
if (options.gss_keyex)
gss = ssh_gssapi_server_mechanisms();
else
@@ -2531,7 +2523,7 @@ do_ssh2_kex(struct ssh *ssh)
* host key algorithm we support
*/
if (gss && (strlen(myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS])) == 0)
- myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = "null";
+ myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = xstrdup("null");
if (newstr)
myproposal[PROPOSAL_KEX_ALGS] = newstr;
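Review bot: The new `xstrdup("null")` assignment overwrites the previous `myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS]` pointer without releasing it. If that entry was heap-allocated by kex_proposal_populate_entries() (the kex.c part of this patch uses xstrdup for it), the empty string it replaces is leaked. Giving the `if` a braced body with `free(myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS]);` ahead of the assignment would avoid that, assuming myproposal holds owned `char *` entries, which is not visible here. The same question applies to `myproposal[PROPOSAL_KEX_ALGS] = newstr;` just below, where the old value is kept in `orig` and its release, if any, is outside the hunk.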