-rw-r--r--ChangeLog5
-rw-r--r--authfile.c21
2 files changed, 18 insertions, 8 deletions
diff --git a/ChangeLog b/ChangeLog
index a36768081..dba7423d6 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -7,6 +7,9 @@
7 - deraadt@cvs.openbsd.org 2001/02/21 07:37:04 7 - deraadt@cvs.openbsd.org 2001/02/21 07:37:04
8 [ssh-keyscan.c] 8 [ssh-keyscan.c]
9 inline -> __inline__, and some indent 9 inline -> __inline__, and some indent
10 - deraadt@cvs.openbsd.org 2001/02/21 09:05:54
11 [authfile.c]
12 improve fd handling
10 13
1120010304 1420010304
12 - (bal) Remove make-ssh-known-hosts.1 since it's no longer valid. 15 - (bal) Remove make-ssh-known-hosts.1 since it's no longer valid.
@@ -4199,4 +4202,4 @@
4199 - Wrote replacements for strlcpy and mkdtemp 4202 - Wrote replacements for strlcpy and mkdtemp
4200 - Released 1.0pre1 4203 - Released 1.0pre1
4201 4204
4202$Id: ChangeLog,v 1.853 2001/03/05 04:54:49 mouring Exp $ 4205$Id: ChangeLog,v 1.854 2001/03/05 04:59:27 mouring Exp $
diff --git a/authfile.c b/authfile.c
index aa898c725..9f03d5137 100644
--- a/authfile.c
+++ b/authfile.c
@@ -36,7 +36,7 @@
36 */ 36 */
37 37
38#include "includes.h" 38#include "includes.h"
39RCSID("$OpenBSD: authfile.c,v 1.27 2001/02/08 19:30:51 itojun Exp $"); 39RCSID("$OpenBSD: authfile.c,v 1.28 2001/02/21 09:05:54 deraadt Exp $");
40 40
41#include <openssl/err.h> 41#include <openssl/err.h>
42#include <openssl/evp.h> 42#include <openssl/evp.h>
@@ -336,12 +336,12 @@ load_private_key_rsa1(int fd, const char *filename,
336 close(fd); 336 close(fd);
337 return 0; 337 return 0;
338 } 338 }
339 close(fd);
340 339
341 /* Check that it is at least big enough to contain the ID string. */ 340 /* Check that it is at least big enough to contain the ID string. */
342 if (len < sizeof(authfile_id_string)) { 341 if (len < sizeof(authfile_id_string)) {
343 debug3("Bad RSA1 key file %.200s.", filename); 342 debug3("Bad RSA1 key file %.200s.", filename);
344 buffer_free(&buffer); 343 buffer_free(&buffer);
344 close(fd);
345 return 0; 345 return 0;
346 } 346 }
347 /* 347 /*
@@ -352,8 +352,10 @@ load_private_key_rsa1(int fd, const char *filename,
352 if (buffer_get_char(&buffer) != authfile_id_string[i]) { 352 if (buffer_get_char(&buffer) != authfile_id_string[i]) {
353 debug3("Bad RSA1 key file %.200s.", filename); 353 debug3("Bad RSA1 key file %.200s.", filename);
354 buffer_free(&buffer); 354 buffer_free(&buffer);
355 close(fd);
355 return 0; 356 return 0;
356 } 357 }
358
357 /* Read cipher type. */ 359 /* Read cipher type. */
358 cipher_type = buffer_get_char(&buffer); 360 cipher_type = buffer_get_char(&buffer);
359 (void) buffer_get_int(&buffer); /* Reserved data. */ 361 (void) buffer_get_int(&buffer); /* Reserved data. */
@@ -403,6 +405,7 @@ fail:
403 prv->e = NULL; 405 prv->e = NULL;
404 if (comment_return) 406 if (comment_return)
405 xfree(*comment_return); 407 xfree(*comment_return);
408 close(fd);
406 return 0; 409 return 0;
407 } 410 }
408 /* Read the rest of the private key. */ 411 /* Read the rest of the private key. */
@@ -431,7 +434,7 @@ fail:
431 BN_CTX_free(ctx); 434 BN_CTX_free(ctx);
432 435
433 buffer_free(&decrypted); 436 buffer_free(&decrypted);
434 437 close(fd);
435 return 1; 438 return 1;
436} 439}
437 440
@@ -446,6 +449,7 @@ load_private_key_ssh2(int fd, const char *passphrase, Key *k, char **comment_ret
446 fp = fdopen(fd, "r"); 449 fp = fdopen(fd, "r");
447 if (fp == NULL) { 450 if (fp == NULL) {
448 error("fdopen failed"); 451 error("fdopen failed");
452 close(fd);
449 return 0; 453 return 0;
450 } 454 }
451 pk = PEM_read_PrivateKey(fp, NULL, NULL, (char *)passphrase); 455 pk = PEM_read_PrivateKey(fp, NULL, NULL, (char *)passphrase);
@@ -515,7 +519,7 @@ load_private_key(const char *filename, const char *passphrase, Key *key,
515 error("@ WARNING: UNPROTECTED PRIVATE KEY FILE! @"); 519 error("@ WARNING: UNPROTECTED PRIVATE KEY FILE! @");
516 error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); 520 error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
517 error("Bad ownership or mode(0%3.3o) for '%s'.", 521 error("Bad ownership or mode(0%3.3o) for '%s'.",
518 st.st_mode & 0777, filename); 522 st.st_mode & 0777, filename);
519 error("It is recommended that your private key files are NOT accessible by others."); 523 error("It is recommended that your private key files are NOT accessible by others.");
520 return 0; 524 return 0;
521 } 525 }
@@ -530,16 +534,19 @@ load_private_key(const char *filename, const char *passphrase, Key *key,
530 key->rsa->n = NULL; 534 key->rsa->n = NULL;
531 } 535 }
532 ret = load_private_key_rsa1(fd, filename, passphrase, 536 ret = load_private_key_rsa1(fd, filename, passphrase,
533 key->rsa, comment_return); 537 key->rsa, comment_return); /* closes fd */
538
534 break; 539 break;
535 case KEY_DSA: 540 case KEY_DSA:
536 case KEY_RSA: 541 case KEY_RSA:
537 case KEY_UNSPEC: 542 case KEY_UNSPEC:
538 ret = load_private_key_ssh2(fd, passphrase, key, comment_return); 543 ret = load_private_key_ssh2(fd, passphrase, key,
544 comment_return); /* closes fd */
545 break;
539 default: 546 default:
547 close(fd);
540 break; 548 break;
541 } 549 }
542 close(fd);
543 return ret; 550 return ret;
544} 551}
545 552
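Review bot: In load_private_key_rsa1 the descriptor for the private key file is now released by a separate `close(fd);` before each `return` (new lines 344, 355, 408 and 437, plus the existing one at 336), so any exit in the parts of the function not shown between these hunks that lacks its own close leaves the descriptor open, where a child process started later could inherit it. Nothing in the visible lines reads from fd once the length check is reached, so a single release point would be easier to audit than the five now visible: either a shared exit label that does `close(fd);`, or one close before the first parsing step. The ownership rule is recorded only as trailing `/* closes fd */` comments at the two call sites in load_private_key; it belongs on the callees, e.g. `/* Takes ownership of fd and closes it on every return path. */` above load_private_key_rsa1 and load_private_key_ssh2. In load_private_key_ssh2 only the fdopen failure path is visible; once fdopen succeeds the stream owns fd, so the later returns (outside this hunk) need `fclose(fp)` rather than `close(fd)`, which is worth confirming.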