diff options
-rw-r--r-- | ChangeLog | 3 | ||||
-rw-r--r-- | auth-options.c | 14 |
2 files changed, 10 insertions, 7 deletions
@@ -11,6 +11,9 @@ | |||
11 | Cast client_alive_interval to u_int64_t before assinging to | 11 | Cast client_alive_interval to u_int64_t before assinging to |
12 | max_time_milliseconds to avoid potential integer overflow in the timeout. | 12 | max_time_milliseconds to avoid potential integer overflow in the timeout. |
13 | bz#2170, patch from Loganaden Velvindron, ok djm@ | 13 | bz#2170, patch from Loganaden Velvindron, ok djm@ |
14 | - djm@cvs.openbsd.org 2013/12/19 00:27:57 | ||
15 | [auth-options.c] | ||
16 | simplify freeing of source-address certificate restriction | ||
14 | 17 | ||
15 | 20131221 | 18 | 20131221 |
16 | - (dtucker) [regress/keytype.sh] Actually test ecdsa key types. | 19 | - (dtucker) [regress/keytype.sh] Actually test ecdsa key types. |
diff --git a/auth-options.c b/auth-options.c index b370b5be6..fa209eaab 100644 --- a/auth-options.c +++ b/auth-options.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: auth-options.c,v 1.61 2013/11/08 00:39:14 djm Exp $ */ | 1 | /* $OpenBSD: auth-options.c,v 1.62 2013/12/19 00:27:57 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -432,7 +432,7 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw, | |||
432 | u_char *data_blob = NULL; | 432 | u_char *data_blob = NULL; |
433 | u_int nlen, dlen, clen; | 433 | u_int nlen, dlen, clen; |
434 | Buffer c, data; | 434 | Buffer c, data; |
435 | int ret = -1, found; | 435 | int ret = -1, result, found; |
436 | 436 | ||
437 | buffer_init(&data); | 437 | buffer_init(&data); |
438 | 438 | ||
@@ -501,11 +501,12 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw, | |||
501 | goto out; | 501 | goto out; |
502 | } | 502 | } |
503 | remote_ip = get_remote_ipaddr(); | 503 | remote_ip = get_remote_ipaddr(); |
504 | switch (addr_match_cidr_list(remote_ip, | 504 | result = addr_match_cidr_list(remote_ip, |
505 | allowed)) { | 505 | allowed); |
506 | free(allowed); | ||
507 | switch (result) { | ||
506 | case 1: | 508 | case 1: |
507 | /* accepted */ | 509 | /* accepted */ |
508 | free(allowed); | ||
509 | break; | 510 | break; |
510 | case 0: | 511 | case 0: |
511 | /* no match */ | 512 | /* no match */ |
@@ -518,12 +519,11 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw, | |||
518 | "is not permitted to use this " | 519 | "is not permitted to use this " |
519 | "certificate for login.", | 520 | "certificate for login.", |
520 | remote_ip); | 521 | remote_ip); |
521 | free(allowed); | ||
522 | goto out; | 522 | goto out; |
523 | case -1: | 523 | case -1: |
524 | default: | ||
524 | error("Certificate source-address " | 525 | error("Certificate source-address " |
525 | "contents invalid"); | 526 | "contents invalid"); |
526 | free(allowed); | ||
527 | goto out; | 527 | goto out; |
528 | } | 528 | } |
529 | found = 1; | 529 | found = 1; |