summaryrefslogtreecommitdiff
path: root/authfile.c
diff options
context:
space:
mode:
Diffstat (limited to 'authfile.c')
-rw-r--r--authfile.c21
1 files changed, 14 insertions, 7 deletions
diff --git a/authfile.c b/authfile.c
index aa898c725..9f03d5137 100644
--- a/authfile.c
+++ b/authfile.c
@@ -36,7 +36,7 @@
36 */ 36 */
37 37
38#include "includes.h" 38#include "includes.h"
39RCSID("$OpenBSD: authfile.c,v 1.27 2001/02/08 19:30:51 itojun Exp $"); 39RCSID("$OpenBSD: authfile.c,v 1.28 2001/02/21 09:05:54 deraadt Exp $");
40 40
41#include <openssl/err.h> 41#include <openssl/err.h>
42#include <openssl/evp.h> 42#include <openssl/evp.h>
@@ -336,12 +336,12 @@ load_private_key_rsa1(int fd, const char *filename,
336 close(fd); 336 close(fd);
337 return 0; 337 return 0;
338 } 338 }
339 close(fd);
340 339
341 /* Check that it is at least big enough to contain the ID string. */ 340 /* Check that it is at least big enough to contain the ID string. */
342 if (len < sizeof(authfile_id_string)) { 341 if (len < sizeof(authfile_id_string)) {
343 debug3("Bad RSA1 key file %.200s.", filename); 342 debug3("Bad RSA1 key file %.200s.", filename);
344 buffer_free(&buffer); 343 buffer_free(&buffer);
344 close(fd);
345 return 0; 345 return 0;
346 } 346 }
347 /* 347 /*
@@ -352,8 +352,10 @@ load_private_key_rsa1(int fd, const char *filename,
352 if (buffer_get_char(&buffer) != authfile_id_string[i]) { 352 if (buffer_get_char(&buffer) != authfile_id_string[i]) {
353 debug3("Bad RSA1 key file %.200s.", filename); 353 debug3("Bad RSA1 key file %.200s.", filename);
354 buffer_free(&buffer); 354 buffer_free(&buffer);
355 close(fd);
355 return 0; 356 return 0;
356 } 357 }
358
357 /* Read cipher type. */ 359 /* Read cipher type. */
358 cipher_type = buffer_get_char(&buffer); 360 cipher_type = buffer_get_char(&buffer);
359 (void) buffer_get_int(&buffer); /* Reserved data. */ 361 (void) buffer_get_int(&buffer); /* Reserved data. */
@@ -403,6 +405,7 @@ fail:
403 prv->e = NULL; 405 prv->e = NULL;
404 if (comment_return) 406 if (comment_return)
405 xfree(*comment_return); 407 xfree(*comment_return);
408 close(fd);
406 return 0; 409 return 0;
407 } 410 }
408 /* Read the rest of the private key. */ 411 /* Read the rest of the private key. */
@@ -431,7 +434,7 @@ fail:
431 BN_CTX_free(ctx); 434 BN_CTX_free(ctx);
432 435
433 buffer_free(&decrypted); 436 buffer_free(&decrypted);
434 437 close(fd);
435 return 1; 438 return 1;
436} 439}
437 440
@@ -446,6 +449,7 @@ load_private_key_ssh2(int fd, const char *passphrase, Key *k, char **comment_ret
446 fp = fdopen(fd, "r"); 449 fp = fdopen(fd, "r");
447 if (fp == NULL) { 450 if (fp == NULL) {
448 error("fdopen failed"); 451 error("fdopen failed");
452 close(fd);
449 return 0; 453 return 0;
450 } 454 }
451 pk = PEM_read_PrivateKey(fp, NULL, NULL, (char *)passphrase); 455 pk = PEM_read_PrivateKey(fp, NULL, NULL, (char *)passphrase);
@@ -515,7 +519,7 @@ load_private_key(const char *filename, const char *passphrase, Key *key,
515 error("@ WARNING: UNPROTECTED PRIVATE KEY FILE! @"); 519 error("@ WARNING: UNPROTECTED PRIVATE KEY FILE! @");
516 error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); 520 error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
517 error("Bad ownership or mode(0%3.3o) for '%s'.", 521 error("Bad ownership or mode(0%3.3o) for '%s'.",
518 st.st_mode & 0777, filename); 522 st.st_mode & 0777, filename);
519 error("It is recommended that your private key files are NOT accessible by others."); 523 error("It is recommended that your private key files are NOT accessible by others.");
520 return 0; 524 return 0;
521 } 525 }
@@ -530,16 +534,19 @@ load_private_key(const char *filename, const char *passphrase, Key *key,
530 key->rsa->n = NULL; 534 key->rsa->n = NULL;
531 } 535 }
532 ret = load_private_key_rsa1(fd, filename, passphrase, 536 ret = load_private_key_rsa1(fd, filename, passphrase,
533 key->rsa, comment_return); 537 key->rsa, comment_return); /* closes fd */
538
534 break; 539 break;
535 case KEY_DSA: 540 case KEY_DSA:
536 case KEY_RSA: 541 case KEY_RSA:
537 case KEY_UNSPEC: 542 case KEY_UNSPEC:
538 ret = load_private_key_ssh2(fd, passphrase, key, comment_return); 543 ret = load_private_key_ssh2(fd, passphrase, key,
544 comment_return); /* closes fd */
545 break;
539 default: 546 default:
547 close(fd);
540 break; 548 break;
541 } 549 }
542 close(fd);
543 return ret; 550 return ret;
544} 551}
545 552