diff options
| author | djm <djm> | 2013-12-29 06:44:56 +0000 |
|---|---|---|
| committer | djm <djm> | 2013-12-29 06:44:56 +0000 |
| commit | 7316cf1da8c0b5a069c0572567b0dfc7a8b05c82 (patch) | |
| tree | ff4c84f9c90bceca54296f01a29a248a050c42ff /auth-options.c | |
| parent | a1eec160f1b1d24462e4b3f3aa8ccb5a2f26deeb (diff) | |
| download | openssh-7316cf1da8c0b5a069c0572567b0dfc7a8b05c82.tar.gz | |
- djm@cvs.openbsd.org 2013/12/19 00:27:57
[auth-options.c]
simplify freeing of source-address certificate restriction
Diffstat (limited to 'auth-options.c')
| -rw-r--r-- | auth-options.c | 20 |
1 files changed, 8 insertions, 12 deletions
diff --git a/auth-options.c b/auth-options.c index 80d59ee9..fa209eaa 100644 --- a/auth-options.c +++ b/auth-options.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth-options.c,v 1.59 2013/07/12 00:19:58 djm Exp $ */ +/* $OpenBSD: auth-options.c,v 1.62 2013/12/19 00:27:57 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -33,10 +33,6 @@ #include "auth-options.h" #include "hostfile.h" #include "auth.h" -#ifdef GSSAPI -#include "ssh-gss.h" -#endif -#include "monitor_wrap.h" /* Flags set authorized_keys flags */ int no_port_forwarding_flag = 0; @@ -239,7 +235,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) auth_debug_add("Adding to environment: %.900s", s); debug("Adding to environment: %.900s", s); opts++; - new_envstring = xmalloc(sizeof(struct envstring)); + new_envstring = xcalloc(1, sizeof(struct envstring)); new_envstring->s = s; new_envstring->next = custom_environment; custom_environment = new_envstring; @@ -436,7 +432,7 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw, u_char *data_blob = NULL; u_int nlen, dlen, clen; Buffer c, data; - int ret = -1, found; + int ret = -1, result, found; buffer_init(&data); @@ -505,11 +501,12 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw, goto out; } remote_ip = get_remote_ipaddr(); - switch (addr_match_cidr_list(remote_ip, - allowed)) { + result = addr_match_cidr_list(remote_ip, + allowed); + free(allowed); + switch (result) { case 1: /* accepted */ - free(allowed); break; case 0: /* no match */ @@ -522,12 +519,11 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw, "is not permitted to use this " "certificate for login.", remote_ip); - free(allowed); goto out; case -1: + default: error("Certificate source-address " "contents invalid"); - free(allowed); goto out; } found = 1; |