diff options
| author | Damien Miller <djm@mindrot.org> | 2013-12-29 17:44:56 +1100 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2013-12-29 17:44:56 +1100 |
| commit | bf25d114e23a803f8feca8926281b1aaedb6191b (patch) | |
| tree | 6ffcd299edcd4ecf1e7093dfa0ba10406497c559 | |
| parent | bb3dafe7024a5b4e851252e65ee35d45b965e4a8 (diff) | |
| download | openssh-git-bf25d114e23a803f8feca8926281b1aaedb6191b.tar.gz | |
- djm@cvs.openbsd.org 2013/12/19 00:27:57
[auth-options.c]
simplify freeing of source-address certificate restriction
| -rw-r--r-- | ChangeLog | 3 | ||||
| -rw-r--r-- | auth-options.c | 14 |
2 files changed, 10 insertions, 7 deletions
@@ -11,6 +11,9 @@ Cast client_alive_interval to u_int64_t before assinging to max_time_milliseconds to avoid potential integer overflow in the timeout. bz#2170, patch from Loganaden Velvindron, ok djm@ + - djm@cvs.openbsd.org 2013/12/19 00:27:57 + [auth-options.c] + simplify freeing of source-address certificate restriction 20131221 - (dtucker) [regress/keytype.sh] Actually test ecdsa key types. diff --git a/auth-options.c b/auth-options.c index b370b5be..fa209eaa 100644 --- a/auth-options.c +++ b/auth-options.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth-options.c,v 1.61 2013/11/08 00:39:14 djm Exp $ */ +/* $OpenBSD: auth-options.c,v 1.62 2013/12/19 00:27:57 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -432,7 +432,7 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw, u_char *data_blob = NULL; u_int nlen, dlen, clen; Buffer c, data; - int ret = -1, found; + int ret = -1, result, found; buffer_init(&data); @@ -501,11 +501,12 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw, goto out; } remote_ip = get_remote_ipaddr(); - switch (addr_match_cidr_list(remote_ip, - allowed)) { + result = addr_match_cidr_list(remote_ip, + allowed); + free(allowed); + switch (result) { case 1: /* accepted */ - free(allowed); break; case 0: /* no match */ @@ -518,12 +519,11 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw, "is not permitted to use this " "certificate for login.", remote_ip); - free(allowed); goto out; case -1: + default: error("Certificate source-address " "contents invalid"); - free(allowed); goto out; } found = 1; |