1 files changed, 34 insertions, 32 deletions

diff --git a/crypto/openssh/auth-options.c b/crypto/openssh/auth-options.c
index 23d0423e122d..80d59ee95c52 100644
--- a/crypto/openssh/auth-options.c
+++ b/crypto/openssh/auth-options.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-options.c,v 1.57 2012/12/02 20:46:11 djm Exp $ */
+/* $OpenBSD: auth-options.c,v 1.59 2013/07/12 00:19:58 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -72,15 +72,15 @@ auth_clear_options(void)
 	while (custom_environment) {
 		struct envstring *ce = custom_environment;
 		custom_environment = ce->next;
-		xfree(ce->s);
-		xfree(ce);
+		free(ce->s);
+		free(ce);
 	}
 	if (forced_command) {
-		xfree(forced_command);
+		free(forced_command);
 		forced_command = NULL;
 	}
 	if (authorized_principals) {
-		xfree(authorized_principals);
+		free(authorized_principals);
 		authorized_principals = NULL;
 	}
 	forced_tun_device = -1;
@@ -149,7 +149,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
 		if (strncasecmp(opts, cp, strlen(cp)) == 0) {
 			opts += strlen(cp);
 			if (forced_command != NULL)
-				xfree(forced_command);
+				free(forced_command);
 			forced_command = xmalloc(strlen(opts) + 1);
 			i = 0;
 			while (*opts) {
@@ -167,7 +167,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
 				    file, linenum);
 				auth_debug_add("%.100s, line %lu: missing end quote",
 				    file, linenum);
-				xfree(forced_command);
+				free(forced_command);
 				forced_command = NULL;
 				goto bad_option;
 			}
@@ -180,7 +180,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
 		if (strncasecmp(opts, cp, strlen(cp)) == 0) {
 			opts += strlen(cp);
 			if (authorized_principals != NULL)
-				xfree(authorized_principals);
+				free(authorized_principals);
 			authorized_principals = xmalloc(strlen(opts) + 1);
 			i = 0;
 			while (*opts) {
@@ -198,7 +198,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
 				    file, linenum);
 				auth_debug_add("%.100s, line %lu: missing end quote",
 				    file, linenum);
-				xfree(authorized_principals);
+				free(authorized_principals);
 				authorized_principals = NULL;
 				goto bad_option;
 			}
@@ -232,7 +232,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
 				    file, linenum);
 				auth_debug_add("%.100s, line %lu: missing end quote",
 				    file, linenum);
-				xfree(s);
+				free(s);
 				goto bad_option;
 			}
 			s[i] = '\0';
@@ -269,7 +269,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
 				    file, linenum);
 				auth_debug_add("%.100s, line %lu: missing end quote",
 				    file, linenum);
-				xfree(patterns);
+				free(patterns);
 				goto bad_option;
 			}
 			patterns[i] = '\0';
@@ -277,7 +277,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
 			switch (match_host_and_ip(remote_host, remote_ip,
 			    patterns)) {
 			case 1:
-				xfree(patterns);
+				free(patterns);
 				/* Host name matches. */
 				goto next_option;
 			case -1:
@@ -287,7 +287,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
 				    "invalid criteria", file, linenum);
 				/* FALLTHROUGH */
 			case 0:
-				xfree(patterns);
+				free(patterns);
 				logit("Authentication tried for %.100s with "
 				    "correct key but not from a permitted "
 				    "host (host=%.200s, ip=%.200s).",
@@ -323,7 +323,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
 				    file, linenum);
 				auth_debug_add("%.100s, line %lu: missing "
 				    "end quote", file, linenum);
-				xfree(patterns);
+				free(patterns);
 				goto bad_option;
 			}
 			patterns[i] = '\0';
@@ -337,7 +337,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
 				auth_debug_add("%.100s, line %lu: "
 				    "Bad permitopen specification", file,
 				    linenum);
-				xfree(patterns);
+				free(patterns);
 				goto bad_option;
 			}
 			host = cleanhostname(host);
@@ -346,12 +346,12 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
 				    "<%.100s>", file, linenum, p ? p : "");
 				auth_debug_add("%.100s, line %lu: "
 				    "Bad permitopen port", file, linenum);
-				xfree(patterns);
+				free(patterns);
 				goto bad_option;
 			}
 			if ((options.allow_tcp_forwarding & FORWARD_LOCAL) != 0)
 				channel_add_permitted_opens(host, port);
-			xfree(patterns);
+			free(patterns);
 			goto next_option;
 		}
 		cp = "tunnel=\"";
@@ -370,13 +370,13 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
 				    file, linenum);
 				auth_debug_add("%.100s, line %lu: missing end quote",
 				    file, linenum);
-				xfree(tun);
+				free(tun);
 				forced_tun_device = -1;
 				goto bad_option;
 			}
 			tun[i] = '\0';
 			forced_tun_device = a2tun(tun, NULL);
-			xfree(tun);
+			free(tun);
 			if (forced_tun_device == SSH_TUNID_ERR) {
 				debug("%.100s, line %lu: invalid tun device",
 				    file, linenum);
@@ -432,7 +432,8 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw,
 {
 	char *command, *allowed;
 	const char *remote_ip;
-	u_char *name = NULL, *data_blob = NULL;
+	char *name = NULL;
+	u_char *data_blob = NULL;
 	u_int nlen, dlen, clen;
 	Buffer c, data;
 	int ret = -1, found;
@@ -484,7 +485,7 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw,
 				if (*cert_forced_command != NULL) {
 					error("Certificate has multiple "
 					    "force-command options");
-					xfree(command);
+					free(command);
 					goto out;
 				}
 				*cert_forced_command = command;
@@ -500,7 +501,7 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw,
 				if ((*cert_source_address_done)++) {
 					error("Certificate has multiple "
 					    "source-address options");
-					xfree(allowed);
+					free(allowed);
 					goto out;
 				}
 				remote_ip = get_remote_ipaddr();
@@ -508,7 +509,7 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw,
 				    allowed)) {
 				case 1:
 					/* accepted */
-					xfree(allowed);
+					free(allowed);
 					break;
 				case 0:
 					/* no match */
@@ -521,12 +522,12 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw,
 					    "is not permitted to use this "
 					    "certificate for login.",
 					    remote_ip);
-					xfree(allowed);
+					free(allowed);
 					goto out;
 				case -1:
 					error("Certificate source-address "
 					    "contents invalid");
-					xfree(allowed);
+					free(allowed);
 					goto out;
 				}
 				found = 1;
@@ -548,9 +549,10 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw,
 			goto out;
 		}
 		buffer_clear(&data);
-		xfree(name);
-		xfree(data_blob);
-		name = data_blob = NULL;
+		free(name);
+		free(data_blob);
+		name = NULL;
+		data_blob = NULL;
 	}
 	/* successfully parsed all options */
 	ret = 0;
@@ -559,13 +561,13 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw,
 	if (ret != 0 &&
 	    cert_forced_command != NULL &&
 	    *cert_forced_command != NULL) {
-		xfree(*cert_forced_command);
+		free(*cert_forced_command);
 		*cert_forced_command = NULL;
 	}
 	if (name != NULL)
-		xfree(name);
+		free(name);
 	if (data_blob != NULL)
-		xfree(data_blob);
+		free(data_blob);
 	buffer_free(&data);
 	buffer_free(&c);
 	return ret;
@@ -627,7 +629,7 @@ auth_cert_options(Key *k, struct passwd *pw)
 	/* CA-specified forced command supersedes key option */
 	if (cert_forced_command != NULL) {
 		if (forced_command != NULL)
-			xfree(forced_command);
+			free(forced_command);
 		forced_command = cert_forced_command;
 	}
 	return 0;