upstream commit

fix deadlock when keys/principals command produces a lot of output and a key is matched early; bz#2655, patch from jboning AT gmail.com Upstream-ID: e19456429bf99087ea994432c16d00a642060afe
openssh · Jan 3, 2017 · ddd3d34 · ddd3d34
1 parent 30eee7d
commit ddd3d34
Showing 1 changed file with 7 additions and 1 deletion.
diff --git a/auth2-pubkey.c b/auth2-pubkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-pubkey.c,v 1.60 2016/11/30 02:57:40 djm Exp $ */
+/* $OpenBSD: auth2-pubkey.c,v 1.61 2016/12/30 22:08:02 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -727,6 +727,9 @@ match_principals_command(struct passwd *user_pw, const struct sshkey *key)
 
 	ok = process_principals(f, NULL, pw, cert);
 
+	fclose(f);
+	f = NULL;
+
 	if (exited_cleanly(pid, "AuthorizedPrincipalsCommand", command) != 0)
 		goto out;
 
@@ -1050,6 +1053,9 @@ user_key_command_allowed2(struct passwd *user_pw, Key *key)
 
 	ok = check_authkeys_file(f, options.authorized_keys_command, key, pw);
 
+	fclose(f);
+	f = NULL;
+
 	if (exited_cleanly(pid, "AuthorizedKeysCommand", command) != 0)
 		goto out;