...)
{
va_list ap;
- if (++(*pnerr) <= nerr_loglimit) {
+ if ((NULL == pnerr) || (++(*pnerr) <= nerr_loglimit)) {
va_start(ap, fmt);
mvsyslog(LOG_ERR, fmt, ap);
va_end(ap);
}
}
+static void
+free_keydata(
+ KeyDataT *node
+ )
+{
+ KeyAccT *kap;
+
+ if (node) {
+ while (node->keyacclist) {
+ kap = node->keyacclist;
+ node->keyacclist = kap->next;
+ free(kap);
+ }
+
+ /* purge secrets from memory before free()ing it */
+ memset(node, 0, sizeof(*node) + node->seclen);
+ free(node);
+ }
+}
+
/*
* authreadkeys - (re)read keys from a file.
*/
* First is key number. See if it is okay.
*/
keyno = atoi(token);
- if (keyno == 0) {
+ if (keyno < 1) {
log_maybe(&nerr,
"authreadkeys: cannot change key %s",
token);
keyno);
continue;
}
+
+ /* We want to silently ignore keys where we do not
+ * support the requested digest type. OTOH, we want to
+ * make sure the file is well-formed. That means we
+ * have to process the line completely and have to
+ * finally throw away the result... This is a bit more
+ * work, but it also results in better error detection.
+ */
#ifdef OPENSSL
/*
* The key type is the NID used by the message digest
*/
keytype = keytype_from_text(token, NULL);
if (keytype == 0) {
- log_maybe(&nerr,
+ log_maybe(NULL,
"authreadkeys: invalid type for key %d",
keyno);
- continue;
- }
- if (EVP_get_digestbynid(keytype) == NULL) {
- log_maybe(&nerr,
+ } else if (EVP_get_digestbynid(keytype) == NULL) {
+ log_maybe(NULL,
"authreadkeys: no algorithm for key %d",
keyno);
- continue;
+ keytype = 0;
}
#else /* !OPENSSL follows */
-
/*
* The key type is unused, but is required to be 'M' or
* 'm' for compatibility.
*/
if (!(*token == 'M' || *token == 'm')) {
- log_maybe(&nerr,
+ log_maybe(NULL,
"authreadkeys: invalid type for key %d",
keyno);
- continue;
+ keytype = 0;
+ } else {
+ keytype = KEY_TYPE_MD5;
}
- keytype = KEY_TYPE_MD5;
#endif /* !OPENSSL */
/*
}
}
+ /* check if this has to be weeded out... */
+ if (0 == keytype) {
+ free_keydata(next);
+ next = NULL;
+ continue;
+ }
+
INSIST(NULL != next);
next->next = list;
list = next;
list = next->next;
MD5auth_setkey(next->keyid, next->keytype,
next->secbuf, next->seclen, next->keyacclist);
- /* purge secrets from memory before free()ing it */
- memset(next, 0, sizeof(*next) + next->seclen);
- free(next);
+ next->keyacclist = NULL; /* consumed by MD5auth_setkey */
+ free_keydata(next);
}
return (1);
/* Mop up temporary storage before bailing out. */
while (NULL != (next = list)) {
list = next->next;
-
- while (next->keyacclist) {
- KeyAccT *kap = next->keyacclist;
-
- next->keyacclist = kap->next;
- free(kap);
- }
-
- /* purge secrets from memory before free()ing it */
- memset(next, 0, sizeof(*next) + next->seclen);
- free(next);
+ free_keydata(next);
}
return (0);
}
projects / thirdparty / ntp.git / commitdiff
