authorDamien Miller <djm@mindrot.org>2013-12-29 17:44:56 +1100
committerDamien Miller <djm@mindrot.org>2013-12-29 17:44:56 +1100
commitbf25d114e23a803f8feca8926281b1aaedb6191b (patch)
tree6ffcd299edcd4ecf1e7093dfa0ba10406497c559
parentbb3dafe7024a5b4e851252e65ee35d45b965e4a8 (diff)
- djm@cvs.openbsd.org 2013/12/19 00:27:57
[auth-options.c] simplify freeing of source-address certificate restriction
-rw-r--r--ChangeLog3
-rw-r--r--auth-options.c14
2 files changed, 10 insertions, 7 deletions
diff --git a/ChangeLog b/ChangeLog
index 041cfe831..a3689a4af 100644
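--- a/ChangeLog
+++ b/ChangeLog
@@ -11,6 +11,9 @@
  Cast client_alive_interval to u_int64_t before assinging to
  max_time_milliseconds to avoid potential integer overflow in the timeout.
  bz#2170, patch from Loganaden Velvindron, ok djm@
+ - djm@cvs.openbsd.org 2013/12/19 00:27:57
+ [auth-options.c]
+ simplify freeing of source-address certificate restriction
 
 20131221
  - (dtucker) [regress/keytype.sh] Actually test ecdsa key types.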
diff --git a/auth-options.c b/auth-options.c
index b370b5be6..fa209eaab 100644
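--- a/auth-options.c
+++ b/auth-options.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-options.c,v 1.61 2013/11/08 00:39:14 djm Exp $ */
+/* $OpenBSD: auth-options.c,v 1.62 2013/12/19 00:27:57 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -432,7 +432,7 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw,
  u_char *data_blob = NULL;
  u_int nlen, dlen, clen;
  Buffer c, data;
- int ret = -1, found;
+ int ret = -1, result, found;
 
  buffer_init(&data);
 
@@ -501,11 +501,12 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw,
  goto out;
  }
  remote_ip = get_remote_ipaddr();
- switch (addr_match_cidr_list(remote_ip,
- allowed)) {
+ result = addr_match_cidr_list(remote_ip,
+ allowed);
+ free(allowed);
+ switch (result) {
  case 1:
  /* accepted */
- free(allowed);
  break;
  case 0:
  /* no match */
@@ -518,12 +519,11 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw,
  "is not permitted to use this "
  "certificate for login.",
  remote_ip);
- free(allowed);
  goto out;
  case -1:
+ default:
  error("Certificate source-address "
  "contents invalid");
- free(allowed);
  goto out;
  }
  found = 1;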
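Review bot: The `default:` label added beside `case -1:` in the last hunk changes behaviour, not just the frees, and deserves a comment. Before it, if addr_match_cidr_list() ever returned something other than 1, 0 or -1, control would have left the switch and reached `found = 1;`, so the source-address restriction would have counted as satisfied; now that case is rejected. I would add `/* fail closed on any unexpected return value */` above `default:` so the label is not later removed as redundant. Separately, `free(allowed);` now runs before the switch and leaves `allowed` dangling; if any later path touches it, adding `allowed = NULL;` after the free would make that harmless. parse_option_list starts and ends outside the hunks shown, so the cleanup at `out:` and the declaration of `allowed` are not visible here.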