- djm@cvs.openbsd.org 2013/12/19 00:27:57

     [auth-options.c]
     simplify freeing of source-address certificate restriction

1 files changed, 7 insertions, 7 deletions

diff --git a/auth-options.c b/auth-options.c
index b370b5be..fa209eaa 100644
--- a/auth-options.c
+++ b/auth-options.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-options.c,v 1.61 2013/11/08 00:39:14 djm Exp $ */
+/* $OpenBSD: auth-options.c,v 1.62 2013/12/19 00:27:57 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -432,7 +432,7 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw,
 	u_char *data_blob = NULL;
 	u_int nlen, dlen, clen;
 	Buffer c, data;
-	int ret = -1, found;
+	int ret = -1, result, found;
 
 	buffer_init(&data);
 
@@ -501,11 +501,12 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw,
 					goto out;
 				}
 				remote_ip = get_remote_ipaddr();
-				switch (addr_match_cidr_list(remote_ip,
-				    allowed)) {
+				result = addr_match_cidr_list(remote_ip,
+				    allowed);
+				free(allowed);
+				switch (result) {
 				case 1:
 					/* accepted */
-					free(allowed);
 					break;
 				case 0:
 					/* no match */
@@ -518,12 +519,11 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw,
 					    "is not permitted to use this "
 					    "certificate for login.",
 					    remote_ip);
-					free(allowed);
 					goto out;
 				case -1:
+				default:
 					error("Certificate source-address "
 					    "contents invalid");
-					free(allowed);
 					goto out;
 				}
 				found = 1;