- millert@cvs.openbsd.org 2001/03/04 17:42:28

[openssh.git] / authfile.c

diff --git a/authfile.c b/authfile.c
index 8d39e32e43dafd6f9f0c4ccea00f371d4a10115b..9f03d5137e333107e008d2e8f90e1b451a625ac8 100644 (file)
--- a/authfile.c
+++ b/authfile.c
@@ -36,7 +36,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: authfile.c,v 1.26 2001/01/28 22:27:05 stevesk Exp $");
+RCSID("$OpenBSD: authfile.c,v 1.28 2001/02/21 09:05:54 deraadt Exp $");
 
 #include <openssl/err.h>
 #include <openssl/evp.h>
@@ -49,6 +49,7 @@ RCSID("$OpenBSD: authfile.c,v 1.26 2001/01/28 22:27:05 stevesk Exp $");
 #include "key.h"
 #include "ssh.h"
 #include "log.h"
+#include "authfile.h"
 
 /* Version identification string for identity files. */
 static const char authfile_id_string[] =
@@ -335,12 +336,12 @@ load_private_key_rsa1(int fd, const char *filename,
                close(fd);
                return 0;
        }
-       close(fd);
 
        /* Check that it is at least big enough to contain the ID string. */
        if (len < sizeof(authfile_id_string)) {
                debug3("Bad RSA1 key file %.200s.", filename);
                buffer_free(&buffer);
+               close(fd);
                return 0;
        }
        /*
@@ -351,8 +352,10 @@ load_private_key_rsa1(int fd, const char *filename,
                if (buffer_get_char(&buffer) != authfile_id_string[i]) {
                        debug3("Bad RSA1 key file %.200s.", filename);
                        buffer_free(&buffer);
+                       close(fd);
                        return 0;
                }
+
        /* Read cipher type. */
        cipher_type = buffer_get_char(&buffer);
        (void) buffer_get_int(&buffer); /* Reserved data. */
@@ -402,6 +405,7 @@ fail:
                prv->e = NULL;
                if (comment_return)
                        xfree(*comment_return);
+               close(fd);
                return 0;
        }
        /* Read the rest of the private key. */
@@ -430,7 +434,7 @@ fail:
        BN_CTX_free(ctx);
 
        buffer_free(&decrypted);
-
+       close(fd);
        return 1;
 }
 
@@ -445,6 +449,7 @@ load_private_key_ssh2(int fd, const char *passphrase, Key *k, char **comment_ret
        fp = fdopen(fd, "r");
        if (fp == NULL) {
                error("fdopen failed");
+               close(fd);
                return 0;
        }
        pk = PEM_read_PrivateKey(fp, NULL, NULL, (char *)passphrase);
@@ -514,7 +519,7 @@ load_private_key(const char *filename, const char *passphrase, Key *key,
                error("@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @");
                error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
                error("Bad ownership or mode(0%3.3o) for '%s'.",
-                     st.st_mode & 0777, filename);
+                   st.st_mode & 0777, filename);
                error("It is recommended that your private key files are NOT accessible by others.");
                return 0;
        }
@@ -529,16 +534,19 @@ load_private_key(const char *filename, const char *passphrase, Key *key,
                        key->rsa->n = NULL;
                }
                ret = load_private_key_rsa1(fd, filename, passphrase,
-                    key->rsa, comment_return);
+                   key->rsa, comment_return);          /* closes fd */
+
                break;
        case KEY_DSA:
        case KEY_RSA:
        case KEY_UNSPEC:
-               ret = load_private_key_ssh2(fd, passphrase, key, comment_return);
+               ret = load_private_key_ssh2(fd, passphrase, key,
+                   comment_return);                    /* closes fd */
+               break;
        default:
+               close(fd);
                break;
        }
-       close(fd);
        return ret;
 }