From b257cca7693dcb220e06dcab5c0f3fb458fb59d5 Mon Sep 17 00:00:00 2001 From: Ben Lindstrom Date: Mon, 5 Mar 2001 04:59:27 +0000 Subject: [PATCH] - deraadt@cvs.openbsd.org 2001/02/21 09:05:54 [authfile.c] improve fd handling --- ChangeLog | 5 ++++- authfile.c | 21 ++++++++++++++------- 2 files changed, 18 insertions(+), 8 deletions(-) diff --git a/ChangeLog b/ChangeLog index a36768081..dba7423d6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -7,6 +7,9 @@ - deraadt@cvs.openbsd.org 2001/02/21 07:37:04 [ssh-keyscan.c] inline -> __inline__, and some indent + - deraadt@cvs.openbsd.org 2001/02/21 09:05:54 + [authfile.c] + improve fd handling 20010304 - (bal) Remove make-ssh-known-hosts.1 since it's no longer valid. @@ -4199,4 +4202,4 @@ - Wrote replacements for strlcpy and mkdtemp - Released 1.0pre1 -$Id: ChangeLog,v 1.853 2001/03/05 04:54:49 mouring Exp $ +$Id: ChangeLog,v 1.854 2001/03/05 04:59:27 mouring Exp $ diff --git a/authfile.c b/authfile.c index aa898c725..9f03d5137 100644 --- a/authfile.c +++ b/authfile.c @@ -36,7 +36,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: authfile.c,v 1.27 2001/02/08 19:30:51 itojun Exp $"); +RCSID("$OpenBSD: authfile.c,v 1.28 2001/02/21 09:05:54 deraadt Exp $"); #include #include @@ -336,12 +336,12 @@ load_private_key_rsa1(int fd, const char *filename, close(fd); return 0; } - close(fd); /* Check that it is at least big enough to contain the ID string. */ if (len < sizeof(authfile_id_string)) { debug3("Bad RSA1 key file %.200s.", filename); buffer_free(&buffer); + close(fd); return 0; } /* @@ -352,8 +352,10 @@ load_private_key_rsa1(int fd, const char *filename, if (buffer_get_char(&buffer) != authfile_id_string[i]) { debug3("Bad RSA1 key file %.200s.", filename); buffer_free(&buffer); + close(fd); return 0; } + /* Read cipher type. */ cipher_type = buffer_get_char(&buffer); (void) buffer_get_int(&buffer); /* Reserved data. */ @@ -403,6 +405,7 @@ fail: prv->e = NULL; if (comment_return) xfree(*comment_return); + close(fd); return 0; } /* Read the rest of the private key. */ @@ -431,7 +434,7 @@ fail: BN_CTX_free(ctx); buffer_free(&decrypted); - + close(fd); return 1; } @@ -446,6 +449,7 @@ load_private_key_ssh2(int fd, const char *passphrase, Key *k, char **comment_ret fp = fdopen(fd, "r"); if (fp == NULL) { error("fdopen failed"); + close(fd); return 0; } pk = PEM_read_PrivateKey(fp, NULL, NULL, (char *)passphrase); @@ -515,7 +519,7 @@ load_private_key(const char *filename, const char *passphrase, Key *key, error("@ WARNING: UNPROTECTED PRIVATE KEY FILE! @"); error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); error("Bad ownership or mode(0%3.3o) for '%s'.", - st.st_mode & 0777, filename); + st.st_mode & 0777, filename); error("It is recommended that your private key files are NOT accessible by others."); return 0; } @@ -530,16 +534,19 @@ load_private_key(const char *filename, const char *passphrase, Key *key, key->rsa->n = NULL; } ret = load_private_key_rsa1(fd, filename, passphrase, - key->rsa, comment_return); + key->rsa, comment_return); /* closes fd */ + break; case KEY_DSA: case KEY_RSA: case KEY_UNSPEC: - ret = load_private_key_ssh2(fd, passphrase, key, comment_return); + ret = load_private_key_ssh2(fd, passphrase, key, + comment_return); /* closes fd */ + break; default: + close(fd); break; } - close(fd); return ret; }