7 files changed, 48 insertions, 5 deletions

diff --git a/include/libssh/bind.h b/include/libssh/bind.h
index 6b5f19dd..94256d4a 100644
--- a/include/libssh/bind.h
+++ b/include/libssh/bind.h
@@ -50,6 +50,7 @@ struct ssh_bind_struct {
   bool config_processed;
   char *config_dir;
   char *pubkey_accepted_key_types;
+  char* moduli_file;
 };
 
 struct ssh_poll_handle_struct *ssh_bind_get_poll(struct ssh_bind_struct
diff --git a/include/libssh/server.h b/include/libssh/server.h
index 41f89d5c..1c18b38c 100644
--- a/include/libssh/server.h
+++ b/include/libssh/server.h
@@ -56,6 +56,7 @@ enum ssh_bind_options_e {
   SSH_BIND_OPTIONS_PUBKEY_ACCEPTED_KEY_TYPES,
   SSH_BIND_OPTIONS_HOSTKEY_ALGORITHMS,
   SSH_BIND_OPTIONS_PROCESS_CONFIG,
+  SSH_BIND_OPTIONS_MODULI,
 };
 
 typedef struct ssh_bind_struct* ssh_bind;
diff --git a/include/libssh/session.h b/include/libssh/session.h
index 22256150..ddd52fd6 100644
--- a/include/libssh/session.h
+++ b/include/libssh/session.h
@@ -217,6 +217,7 @@ struct ssh_session_struct {
         char *pubkey_accepted_types;
         char *ProxyCommand;
         char *custombanner;
+        char *moduli_file;
         unsigned long timeout; /* seconds */
         unsigned long timeout_usec;
         unsigned int port;
diff --git a/src/bind.c b/src/bind.c
index b326a52b..691a363f 100644
--- a/src/bind.c
+++ b/src/bind.c
@@ -393,6 +393,7 @@ void ssh_bind_free(ssh_bind sshbind){
 
   /* options */
   SAFE_FREE(sshbind->banner);
+  SAFE_FREE(sshbind->moduli_file);
   SAFE_FREE(sshbind->bindaddr);
   SAFE_FREE(sshbind->config_dir);
   SAFE_FREE(sshbind->pubkey_accepted_key_types);
@@ -485,8 +486,23 @@ int ssh_bind_accept_fd(ssh_bind sshbind, ssh_session session, socket_t fd){
     }
 
     session->common.log_verbosity = sshbind->common.log_verbosity;
-    if(sshbind->banner != NULL)
-    	session->opts.custombanner = strdup(sshbind->banner);
+
+    if (sshbind->banner != NULL) {
+        session->opts.custombanner = strdup(sshbind->banner);
+        if (session->opts.custombanner == NULL) {
+            ssh_set_error_oom(sshbind);
+            return SSH_ERROR;
+        }
+    }
+
+    if (sshbind->moduli_file != NULL) {
+        session->opts.moduli_file = strdup(sshbind->moduli_file);
+        if (session->opts.moduli_file == NULL) {
+            ssh_set_error_oom(sshbind);
+            return SSH_ERROR;
+        }
+    }
+
     ssh_socket_free(session->socket);
     session->socket = ssh_socket_new(session);
     if (session->socket == NULL) {
diff --git a/src/dh-gex.c b/src/dh-gex.c
index 88a97140..c6295f8f 100644
--- a/src/dh-gex.c
+++ b/src/dh-gex.c
@@ -489,7 +489,8 @@ static int ssh_retrieve_dhgroup_file(FILE *moduli,
  * @param[out] g generator
  * @return SSH_OK on success, SSH_ERROR otherwise.
  */
-static int ssh_retrieve_dhgroup(uint32_t pmin,
+static int ssh_retrieve_dhgroup(char *moduli_file,
+                                uint32_t pmin,
                                 uint32_t pn,
                                 uint32_t pmax,
                                 size_t *size,
@@ -508,7 +509,11 @@ static int ssh_retrieve_dhgroup(uint32_t pmin,
         return ssh_fallback_group(pmax, p, g);
     }
 
-    moduli = fopen(MODULI_FILE, "r");
+    if (moduli_file != NULL)
+        moduli = fopen(moduli_file, "r");
+    else
+        moduli = fopen(MODULI_FILE, "r");
+
     if (moduli == NULL) {
         SSH_LOG(SSH_LOG_WARNING,
                 "Unable to open moduli file: %s",
@@ -627,7 +632,8 @@ static SSH_PACKET_CALLBACK(ssh_packet_server_dhgex_request)
             pn = pmin;
         }
     }
-    rc = ssh_retrieve_dhgroup(pmin,
+    rc = ssh_retrieve_dhgroup(session->opts.moduli_file,
+                              pmin,
                               pn,
                               pmax,
                               &size,
diff --git a/src/options.c b/src/options.c
index 692fc837..d5921645 100644
--- a/src/options.c
+++ b/src/options.c
@@ -1655,6 +1655,10 @@ static int ssh_bind_set_algo(ssh_bind sshbind,
  *                        possible algorithms is created from the list of keys
  *                        set and then filtered against this list.
  *                        (const char *, comma-separated list).
+ * 
+ *                      - SSH_BIND_OPTIONS_MODULI
+ *                        Set the path to the moduli file. Defaults to
+ *                        /etc/ssh/moduli if not specified (const char *).
  *
  * @param  value        The value to set. This is a generic pointer and the
  *                      datatype which should be used is described at the
@@ -2003,6 +2007,19 @@ int ssh_bind_options_set(ssh_bind sshbind, enum ssh_bind_options_e type,
             sshbind->config_processed = !(*x);
         }
         break;
+    case SSH_BIND_OPTIONS_MODULI:
+        if (value == NULL) {
+            ssh_set_error_invalid(sshbind);
+            return -1;
+        } else {
+            SAFE_FREE(sshbind->moduli_file);
+            sshbind->moduli_file = strdup(value);
+            if (sshbind->moduli_file == NULL) {
+                ssh_set_error_oom(sshbind);
+                return -1;
+            }
+        }
+        break;
     default:
       ssh_set_error(sshbind, SSH_REQUEST_DENIED, "Unknown ssh option %d", type);
       return -1;
diff --git a/src/session.c b/src/session.c
index 3199096a..b5ffcbc2 100644
--- a/src/session.c
+++ b/src/session.c
@@ -304,6 +304,7 @@ void ssh_free(ssh_session session)
 
   SAFE_FREE(session->opts.bindaddr);
   SAFE_FREE(session->opts.custombanner);
+  SAFE_FREE(session->opts.moduli_file);
   SAFE_FREE(session->opts.username);
   SAFE_FREE(session->opts.host);
   SAFE_FREE(session->opts.sshdir);