diff options
| author | Ben Lindstrom <mouring@eviladmin.org> | 2001-03-05 04:59:27 +0000 |
|---|---|---|
| committer | Ben Lindstrom <mouring@eviladmin.org> | 2001-03-05 04:59:27 +0000 |
| commit | b257cca7693dcb220e06dcab5c0f3fb458fb59d5 (patch) | |
| tree | bdd4edf94f31433f95e75090e3e2f011674eb9ae | |
| parent | b0a4cd8f9174fbf14e1345a96585d19795b052c5 (diff) | |
- deraadt@cvs.openbsd.org 2001/02/21 09:05:54
[authfile.c]
improve fd handling
| -rw-r--r-- | ChangeLog | 5 | ||||
| -rw-r--r-- | authfile.c | 21 |
2 files changed, 18 insertions, 8 deletions
@@ -7,6 +7,9 @@ - deraadt@cvs.openbsd.org 2001/02/21 07:37:04 [ssh-keyscan.c] inline -> __inline__, and some indent + - deraadt@cvs.openbsd.org 2001/02/21 09:05:54 + [authfile.c] + improve fd handling 20010304 - (bal) Remove make-ssh-known-hosts.1 since it's no longer valid. @@ -4199,4 +4202,4 @@ - Wrote replacements for strlcpy and mkdtemp - Released 1.0pre1 -$Id: ChangeLog,v 1.853 2001/03/05 04:54:49 mouring Exp $ +$Id: ChangeLog,v 1.854 2001/03/05 04:59:27 mouring Exp $ @@ -36,7 +36,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: authfile.c,v 1.27 2001/02/08 19:30:51 itojun Exp $"); +RCSID("$OpenBSD: authfile.c,v 1.28 2001/02/21 09:05:54 deraadt Exp $"); #include <openssl/err.h> #include <openssl/evp.h> @@ -336,12 +336,12 @@ load_private_key_rsa1(int fd, const char *filename, close(fd); return 0; } - close(fd); /* Check that it is at least big enough to contain the ID string. */ if (len < sizeof(authfile_id_string)) { debug3("Bad RSA1 key file %.200s.", filename); buffer_free(&buffer); + close(fd); return 0; } /* @@ -352,8 +352,10 @@ load_private_key_rsa1(int fd, const char *filename, if (buffer_get_char(&buffer) != authfile_id_string[i]) { debug3("Bad RSA1 key file %.200s.", filename); buffer_free(&buffer); + close(fd); return 0; } + /* Read cipher type. */ cipher_type = buffer_get_char(&buffer); (void) buffer_get_int(&buffer); /* Reserved data. */ @@ -403,6 +405,7 @@ fail: prv->e = NULL; if (comment_return) xfree(*comment_return); + close(fd); return 0; } /* Read the rest of the private key. */ @@ -431,7 +434,7 @@ fail: BN_CTX_free(ctx); buffer_free(&decrypted); - + close(fd); return 1; } @@ -446,6 +449,7 @@ load_private_key_ssh2(int fd, const char *passphrase, Key *k, char **comment_ret fp = fdopen(fd, "r"); if (fp == NULL) { error("fdopen failed"); + close(fd); return 0; } pk = PEM_read_PrivateKey(fp, NULL, NULL, (char *)passphrase); @@ -515,7 +519,7 @@ load_private_key(const char *filename, const char *passphrase, Key *key, error("@ WARNING: UNPROTECTED PRIVATE KEY FILE! @"); error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); error("Bad ownership or mode(0%3.3o) for '%s'.", - st.st_mode & 0777, filename); + st.st_mode & 0777, filename); error("It is recommended that your private key files are NOT accessible by others."); return 0; } @@ -530,16 +534,19 @@ load_private_key(const char *filename, const char *passphrase, Key *key, key->rsa->n = NULL; } ret = load_private_key_rsa1(fd, filename, passphrase, - key->rsa, comment_return); + key->rsa, comment_return); /* closes fd */ + break; case KEY_DSA: case KEY_RSA: case KEY_UNSPEC: - ret = load_private_key_ssh2(fd, passphrase, key, comment_return); + ret = load_private_key_ssh2(fd, passphrase, key, + comment_return); /* closes fd */ + break; default: + close(fd); break; } - close(fd); return ret; } |