diff options
| author | Ben Lindstrom <mouring@eviladmin.org> | 2001-03-05 04:59:27 +0000 |
|---|---|---|
| committer | Ben Lindstrom <mouring@eviladmin.org> | 2001-03-05 04:59:27 +0000 |
| commit | b257cca7693dcb220e06dcab5c0f3fb458fb59d5 (patch) | |
| tree | bdd4edf94f31433f95e75090e3e2f011674eb9ae /authfile.c | |
| parent | b0a4cd8f9174fbf14e1345a96585d19795b052c5 (diff) | |
- deraadt@cvs.openbsd.org 2001/02/21 09:05:54
[authfile.c]
improve fd handling
Diffstat (limited to 'authfile.c')
| -rw-r--r-- | authfile.c | 21 |
1 files changed, 14 insertions, 7 deletions
diff --git a/authfile.c b/authfile.c index aa898c725..9f03d5137 100644 --- a/authfile.c +++ b/authfile.c | |||
| @@ -36,7 +36,7 @@ | |||
| 36 | */ | 36 | */ |
| 37 | 37 | ||
| 38 | #include "includes.h" | 38 | #include "includes.h" |
| 39 | RCSID("$OpenBSD: authfile.c,v 1.27 2001/02/08 19:30:51 itojun Exp $"); | 39 | RCSID("$OpenBSD: authfile.c,v 1.28 2001/02/21 09:05:54 deraadt Exp $"); |
| 40 | 40 | ||
| 41 | #include <openssl/err.h> | 41 | #include <openssl/err.h> |
| 42 | #include <openssl/evp.h> | 42 | #include <openssl/evp.h> |
| @@ -336,12 +336,12 @@ load_private_key_rsa1(int fd, const char *filename, | |||
| 336 | close(fd); | 336 | close(fd); |
| 337 | return 0; | 337 | return 0; |
| 338 | } | 338 | } |
| 339 | close(fd); | ||
| 340 | 339 | ||
| 341 | /* Check that it is at least big enough to contain the ID string. */ | 340 | /* Check that it is at least big enough to contain the ID string. */ |
| 342 | if (len < sizeof(authfile_id_string)) { | 341 | if (len < sizeof(authfile_id_string)) { |
| 343 | debug3("Bad RSA1 key file %.200s.", filename); | 342 | debug3("Bad RSA1 key file %.200s.", filename); |
| 344 | buffer_free(&buffer); | 343 | buffer_free(&buffer); |
| 344 | close(fd); | ||
| 345 | return 0; | 345 | return 0; |
| 346 | } | 346 | } |
| 347 | /* | 347 | /* |
| @@ -352,8 +352,10 @@ load_private_key_rsa1(int fd, const char *filename, | |||
| 352 | if (buffer_get_char(&buffer) != authfile_id_string[i]) { | 352 | if (buffer_get_char(&buffer) != authfile_id_string[i]) { |
| 353 | debug3("Bad RSA1 key file %.200s.", filename); | 353 | debug3("Bad RSA1 key file %.200s.", filename); |
| 354 | buffer_free(&buffer); | 354 | buffer_free(&buffer); |
| 355 | close(fd); | ||
| 355 | return 0; | 356 | return 0; |
| 356 | } | 357 | } |
| 358 | |||
| 357 | /* Read cipher type. */ | 359 | /* Read cipher type. */ |
| 358 | cipher_type = buffer_get_char(&buffer); | 360 | cipher_type = buffer_get_char(&buffer); |
| 359 | (void) buffer_get_int(&buffer); /* Reserved data. */ | 361 | (void) buffer_get_int(&buffer); /* Reserved data. */ |
| @@ -403,6 +405,7 @@ fail: | |||
| 403 | prv->e = NULL; | 405 | prv->e = NULL; |
| 404 | if (comment_return) | 406 | if (comment_return) |
| 405 | xfree(*comment_return); | 407 | xfree(*comment_return); |
| 408 | close(fd); | ||
| 406 | return 0; | 409 | return 0; |
| 407 | } | 410 | } |
| 408 | /* Read the rest of the private key. */ | 411 | /* Read the rest of the private key. */ |
| @@ -431,7 +434,7 @@ fail: | |||
| 431 | BN_CTX_free(ctx); | 434 | BN_CTX_free(ctx); |
| 432 | 435 | ||
| 433 | buffer_free(&decrypted); | 436 | buffer_free(&decrypted); |
| 434 | 437 | close(fd); | |
| 435 | return 1; | 438 | return 1; |
| 436 | } | 439 | } |
| 437 | 440 | ||
| @@ -446,6 +449,7 @@ load_private_key_ssh2(int fd, const char *passphrase, Key *k, char **comment_ret | |||
| 446 | fp = fdopen(fd, "r"); | 449 | fp = fdopen(fd, "r"); |
| 447 | if (fp == NULL) { | 450 | if (fp == NULL) { |
| 448 | error("fdopen failed"); | 451 | error("fdopen failed"); |
| 452 | close(fd); | ||
| 449 | return 0; | 453 | return 0; |
| 450 | } | 454 | } |
| 451 | pk = PEM_read_PrivateKey(fp, NULL, NULL, (char *)passphrase); | 455 | pk = PEM_read_PrivateKey(fp, NULL, NULL, (char *)passphrase); |
| @@ -515,7 +519,7 @@ load_private_key(const char *filename, const char *passphrase, Key *key, | |||
| 515 | error("@ WARNING: UNPROTECTED PRIVATE KEY FILE! @"); | 519 | error("@ WARNING: UNPROTECTED PRIVATE KEY FILE! @"); |
| 516 | error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); | 520 | error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); |
| 517 | error("Bad ownership or mode(0%3.3o) for '%s'.", | 521 | error("Bad ownership or mode(0%3.3o) for '%s'.", |
| 518 | st.st_mode & 0777, filename); | 522 | st.st_mode & 0777, filename); |
| 519 | error("It is recommended that your private key files are NOT accessible by others."); | 523 | error("It is recommended that your private key files are NOT accessible by others."); |
| 520 | return 0; | 524 | return 0; |
| 521 | } | 525 | } |
| @@ -530,16 +534,19 @@ load_private_key(const char *filename, const char *passphrase, Key *key, | |||
| 530 | key->rsa->n = NULL; | 534 | key->rsa->n = NULL; |
| 531 | } | 535 | } |
| 532 | ret = load_private_key_rsa1(fd, filename, passphrase, | 536 | ret = load_private_key_rsa1(fd, filename, passphrase, |
| 533 | key->rsa, comment_return); | 537 | key->rsa, comment_return); /* closes fd */ |
| 538 | |||
| 534 | break; | 539 | break; |
| 535 | case KEY_DSA: | 540 | case KEY_DSA: |
| 536 | case KEY_RSA: | 541 | case KEY_RSA: |
| 537 | case KEY_UNSPEC: | 542 | case KEY_UNSPEC: |
| 538 | ret = load_private_key_ssh2(fd, passphrase, key, comment_return); | 543 | ret = load_private_key_ssh2(fd, passphrase, key, |
| 544 | comment_return); /* closes fd */ | ||
| 545 | break; | ||
| 539 | default: | 546 | default: |
| 547 | close(fd); | ||
| 540 | break; | 548 | break; |
| 541 | } | 549 | } |
| 542 | close(fd); | ||
| 543 | return ret; | 550 | return ret; |
| 544 | } | 551 | } |
| 545 | 552 | ||