diff options
| author | Damien Miller <djm@mindrot.org> | 2013-12-29 17:44:56 +1100 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2013-12-29 17:44:56 +1100 |
| commit | bf25d114e23a803f8feca8926281b1aaedb6191b (patch) | |
| tree | 6ffcd299edcd4ecf1e7093dfa0ba10406497c559 | |
| parent | bb3dafe7024a5b4e851252e65ee35d45b965e4a8 (diff) | |
- djm@cvs.openbsd.org 2013/12/19 00:27:57
[auth-options.c]
simplify freeing of source-address certificate restriction
| -rw-r--r-- | ChangeLog | 3 | ||||
| -rw-r--r-- | auth-options.c | 14 |
2 files changed, 10 insertions, 7 deletions
| @@ -11,6 +11,9 @@ | |||
| 11 | Cast client_alive_interval to u_int64_t before assinging to | 11 | Cast client_alive_interval to u_int64_t before assinging to |
| 12 | max_time_milliseconds to avoid potential integer overflow in the timeout. | 12 | max_time_milliseconds to avoid potential integer overflow in the timeout. |
| 13 | bz#2170, patch from Loganaden Velvindron, ok djm@ | 13 | bz#2170, patch from Loganaden Velvindron, ok djm@ |
| 14 | - djm@cvs.openbsd.org 2013/12/19 00:27:57 | ||
| 15 | [auth-options.c] | ||
| 16 | simplify freeing of source-address certificate restriction | ||
| 14 | 17 | ||
| 15 | 20131221 | 18 | 20131221 |
| 16 | - (dtucker) [regress/keytype.sh] Actually test ecdsa key types. | 19 | - (dtucker) [regress/keytype.sh] Actually test ecdsa key types. |
diff --git a/auth-options.c b/auth-options.c index b370b5be6..fa209eaab 100644 --- a/auth-options.c +++ b/auth-options.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: auth-options.c,v 1.61 2013/11/08 00:39:14 djm Exp $ */ | 1 | /* $OpenBSD: auth-options.c,v 1.62 2013/12/19 00:27:57 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -432,7 +432,7 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw, | |||
| 432 | u_char *data_blob = NULL; | 432 | u_char *data_blob = NULL; |
| 433 | u_int nlen, dlen, clen; | 433 | u_int nlen, dlen, clen; |
| 434 | Buffer c, data; | 434 | Buffer c, data; |
| 435 | int ret = -1, found; | 435 | int ret = -1, result, found; |
| 436 | 436 | ||
| 437 | buffer_init(&data); | 437 | buffer_init(&data); |
| 438 | 438 | ||
| @@ -501,11 +501,12 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw, | |||
| 501 | goto out; | 501 | goto out; |
| 502 | } | 502 | } |
| 503 | remote_ip = get_remote_ipaddr(); | 503 | remote_ip = get_remote_ipaddr(); |
| 504 | switch (addr_match_cidr_list(remote_ip, | 504 | result = addr_match_cidr_list(remote_ip, |
| 505 | allowed)) { | 505 | allowed); |
| 506 | free(allowed); | ||
| 507 | switch (result) { | ||
| 506 | case 1: | 508 | case 1: |
| 507 | /* accepted */ | 509 | /* accepted */ |
| 508 | free(allowed); | ||
| 509 | break; | 510 | break; |
| 510 | case 0: | 511 | case 0: |
| 511 | /* no match */ | 512 | /* no match */ |
| @@ -518,12 +519,11 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw, | |||
| 518 | "is not permitted to use this " | 519 | "is not permitted to use this " |
| 519 | "certificate for login.", | 520 | "certificate for login.", |
| 520 | remote_ip); | 521 | remote_ip); |
| 521 | free(allowed); | ||
| 522 | goto out; | 522 | goto out; |
| 523 | case -1: | 523 | case -1: |
| 524 | default: | ||
| 524 | error("Certificate source-address " | 525 | error("Certificate source-address " |
| 525 | "contents invalid"); | 526 | "contents invalid"); |
| 526 | free(allowed); | ||
| 527 | goto out; | 527 | goto out; |
| 528 | } | 528 | } |
| 529 | found = 1; | 529 | found = 1; |