Diffstat (limited to 'auth-options.c')
-rw-r--r-- | auth-options.c | 66 |
1 files changed, 34 insertions, 32 deletions
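--- a/auth-options.c
+++ b/auth-options.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-options.c,v 1.57 2012/12/02 20:46:11 djm Exp $ */
+/* $OpenBSD: auth-options.c,v 1.59 2013/07/12 00:19:58 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -83,15 +83,15 @@ auth_clear_options(void)
 while (custom_environment) {
 struct envstring *ce = custom_environment;
 custom_environment = ce->next;
-xfree(ce->s);
-xfree(ce);
+free(ce->s);
+free(ce);
 }
 if (forced_command) {
-xfree(forced_command);
+free(forced_command);
 forced_command = NULL;
 }
 if (authorized_principals) {
-xfree(authorized_principals);
+free(authorized_principals);
 authorized_principals = NULL;
 }
 forced_tun_device = -1;
@@ -160,7 +160,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
 if (strncasecmp(opts, cp, strlen(cp)) == 0) {
 opts += strlen(cp);
 if (forced_command != NULL)
-xfree(forced_command);
+free(forced_command);
 forced_command = xmalloc(strlen(opts) + 1);
 i = 0;
 while (*opts) {
@@ -178,7 +178,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
 file, linenum);
 auth_debug_add("%.100s, line %lu: missing end quote",
 file, linenum);
-xfree(forced_command);
+free(forced_command);
 forced_command = NULL;
 goto bad_option;
 }
@@ -191,7 +191,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
 if (strncasecmp(opts, cp, strlen(cp)) == 0) {
 opts += strlen(cp);
 if (authorized_principals != NULL)
-xfree(authorized_principals);
+free(authorized_principals);
 authorized_principals = xmalloc(strlen(opts) + 1);
 i = 0;
 while (*opts) {
@@ -209,7 +209,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
 file, linenum);
 auth_debug_add("%.100s, line %lu: missing end quote",
 file, linenum);
-xfree(authorized_principals);
+free(authorized_principals);
 authorized_principals = NULL;
 goto bad_option;
 }
@@ -243,7 +243,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
 file, linenum);
 auth_debug_add("%.100s, line %lu: missing end quote",
 file, linenum);
-xfree(s);
+free(s);
 goto bad_option;
 }
 s[i] = '\0';
@@ -280,7 +280,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
 file, linenum);
 auth_debug_add("%.100s, line %lu: missing end quote",
 file, linenum);
-xfree(patterns);
+free(patterns);
 goto bad_option;
 }
 patterns[i] = '\0';
@@ -288,7 +288,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
 switch (match_host_and_ip(remote_host, remote_ip,
 patterns)) {
 case 1:
-xfree(patterns);
+free(patterns);
 /* Host name matches. */
 goto next_option;
 case -1:
@@ -298,7 +298,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
 "invalid criteria", file, linenum);
 /* FALLTHROUGH */
 case 0:
-xfree(patterns);
+free(patterns);
 if (!logged_from_hostip) {
 logit("Authentication tried for %.100s with "
 "correct key but not from a permitted "
@@ -337,7 +337,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
 file, linenum);
 auth_debug_add("%.100s, line %lu: missing "
 "end quote", file, linenum);
-xfree(patterns);
+free(patterns);
 goto bad_option;
 }
 patterns[i] = '\0';
@@ -351,7 +351,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
 auth_debug_add("%.100s, line %lu: "
 "Bad permitopen specification", file,
 linenum);
-xfree(patterns);
+free(patterns);
 goto bad_option;
 }
 host = cleanhostname(host);
@@ -360,12 +360,12 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
 "<%.100s>", file, linenum, p ? p : "");
 auth_debug_add("%.100s, line %lu: "
 "Bad permitopen port", file, linenum);
-xfree(patterns);
+free(patterns);
 goto bad_option;
 }
 if ((options.allow_tcp_forwarding & FORWARD_LOCAL) != 0)
 channel_add_permitted_opens(host, port);
-xfree(patterns);
+free(patterns);
 goto next_option;
 }
 cp = "tunnel=\"";
@@ -384,13 +384,13 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
 file, linenum);
 auth_debug_add("%.100s, line %lu: missing end quote",
 file, linenum);
-xfree(tun);
+free(tun);
 forced_tun_device = -1;
 goto bad_option;
 }
 tun[i] = '\0';
 forced_tun_device = a2tun(tun, NULL);
-xfree(tun);
+free(tun);
 if (forced_tun_device == SSH_TUNID_ERR) {
 debug("%.100s, line %lu: invalid tun device",
 file, linenum);
@@ -446,7 +446,8 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw,
 {
 char *command, *allowed;
 const char *remote_ip;
-u_char *name = NULL, *data_blob = NULL;
+char *name = NULL;
+u_char *data_blob = NULL;
 u_int nlen, dlen, clen;
 Buffer c, data;
 int ret = -1, found;
@@ -498,7 +499,7 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw,
 if (*cert_forced_command != NULL) {
 error("Certificate has multiple "
 "force-command options");
-xfree(command);
+free(command);
 goto out;
 }
 *cert_forced_command = command;
@@ -514,7 +515,7 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw,
 if ((*cert_source_address_done)++) {
 error("Certificate has multiple "
 "source-address options");
-xfree(allowed);
+free(allowed);
 goto out;
 }
 remote_ip = get_remote_ipaddr();
@@ -522,7 +523,7 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw,
 allowed)) {
 case 1:
 /* accepted */
-xfree(allowed);
+free(allowed);
 break;
 case 0:
 /* no match */
@@ -538,12 +539,12 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw,
 "is not permitted to use this "
 "certificate for login.",
 remote_ip);
-xfree(allowed);
+free(allowed);
 goto out;
 case -1:
 error("Certificate source-address "
 "contents invalid");
-xfree(allowed);
+free(allowed);
 goto out;
 }
 found = 1;
@@ -565,9 +566,10 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw,
 goto out;
 }
 buffer_clear(&data);
-xfree(name);
-xfree(data_blob);
-name = data_blob = NULL;
+free(name);
+free(data_blob);
+name = NULL;
+data_blob = NULL;
 }
 /* successfully parsed all options */
 ret = 0;
@@ -576,13 +578,13 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw,
 if (ret != 0 &&
 cert_forced_command != NULL &&
 *cert_forced_command != NULL) {
-xfree(*cert_forced_command);
+free(*cert_forced_command);
 *cert_forced_command = NULL;
 }
 if (name != NULL)
-xfree(name);
+free(name);
 if (data_blob != NULL)
-xfree(data_blob);
+free(data_blob);
 buffer_free(&data);
 buffer_free(&c);
 return ret;
@@ -644,7 +646,7 @@ auth_cert_options(Key *k, struct passwd *pw)
 /* CA-specified forced command supersedes key option */
 if (cert_forced_command != NULL) {
 if (forced_command != NULL)
-xfree(forced_command);
+free(forced_command);
 forced_command = cert_forced_command;
 }
 return 0;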
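Review bot: The NULL guards left around the converted calls are now redundant, because free() accepts a null pointer: `if (name != NULL) free(name);` and `if (data_blob != NULL) free(data_blob);` in the cleanup tail of parse_option_list, and `if (forced_command != NULL) free(forced_command);` in auth_parse_options and auth_cert_options (likewise the authorized_principals guard). They were presumably needed because xfree() rejected NULL, though its definition is not on this page; collapsing them to plain `free(name);` would keep the conversion uniform. The resets to NULL after freeing the globals forced_command and authorized_principals should stay as they are, since auth_clear_options frees the same pointers later and a stale value there would be a double free. Most of these function bodies start and end outside the hunks shown.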