upstream commit

fix deadlock when keys/principals command produces a lot of output and a key is matched early; bz#2655, patch from jboning AT gmail.com Upstream-ID: e19456429bf99087ea994432c16d00a642060afe
author: djm@openbsd.org <djm@openbsd.org> 2016-12-30 22:08:02 +0000
committer: Damien Miller <djm@mindrot.org> 2017-01-03 15:24:42 +1100
commit: ddd3d34e5c7979ca6f4a3a98a7d219a4ed3d98c2 (patch)
tree: 181cd414e1acccae17cd491185a65bdf0cd38772 /auth2-pubkey.c
parent: 30eee7d1b2fec33c14870cc11910610be5d2aa6f (diff)
1 files changed, 7 insertions, 1 deletions
diff --git a/auth2-pubkey.c b/auth2-pubkey.c
index 20f3309e1..70c021589 100644
--- a/auth2-pubkey.c
+++ b/auth2-pubkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-pubkey.c,v 1.60 2016/11/30 02:57:40 djm Exp $ */
+/* $OpenBSD: auth2-pubkey.c,v 1.61 2016/12/30 22:08:02 djm Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl.  All rights reserved.
 *
@@ -727,6 +727,9 @@ match_principals_command(struct passwd *user_pw, const struct sshkey *key)
        ok = process_principals(f, NULL, pw, cert);
+        fclose(f);
+        f = NULL;
        if (exited_cleanly(pid, "AuthorizedPrincipalsCommand", command) != 0)
                goto out;
@@ -1050,6 +1053,9 @@ user_key_command_allowed2(struct passwd *user_pw, Key *key)
        ok = check_authkeys_file(f, options.authorized_keys_command, key, pw);
+        fclose(f);
+        f = NULL;
        if (exited_cleanly(pid, "AuthorizedKeysCommand", command) != 0)
                goto out;
author	djm@openbsd.org <djm@openbsd.org>	2016-12-30 22:08:02 +0000
committer	Damien Miller <djm@mindrot.org>	2017-01-03 15:24:42 +1100
commit	ddd3d34e5c7979ca6f4a3a98a7d219a4ed3d98c2 (patch)
tree	181cd414e1acccae17cd491185a65bdf0cd38772 /auth2-pubkey.c
parent	30eee7d1b2fec33c14870cc11910610be5d2aa6f (diff)