Fix mem and FILE leaks in moduli screening.

If multiple -Ocheckpoint= options are passed, the earlier ones would
be overwritten and leaked.  If we use an input file that wasn't stdin,
close that.  From Coverity CIDs 291884 and 291894.

diff --git a/usr.bin/ssh/ssh-keygen.c b/usr.bin/ssh/ssh-keygen.c
index 58f1c5d..2091e6e 100644 (file)
--- a/usr.bin/ssh/ssh-keygen.c
+++ b/usr.bin/ssh/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.464 2023/03/05 08:18:58 dtucker Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.465 2023/03/05 09:24:35 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -2992,6 +2992,7 @@ do_moduli_screen(const char *out_file, char **opts, size_t nopts)
                } else if (strncmp(opts[i], "start-line=", 11) == 0) {
                        start_lineno = strtoul(opts[i]+11, NULL, 10);
                } else if (strncmp(opts[i], "checkpoint=", 11) == 0) {
+                       free(checkpoint);
                        checkpoint = xstrdup(opts[i]+11);
                } else if (strncmp(opts[i], "generator=", 10) == 0) {
                        generator_wanted = (u_int32_t)strtonum(
@@ -3030,6 +3031,8 @@ do_moduli_screen(const char *out_file, char **opts, size_t nopts)
            generator_wanted, checkpoint,
            start_lineno, lines_to_process) != 0)
                fatal("modulus screening failed");
+       if (in != stdin)
+               (void)fclose(in);
        free(checkpoint);
 #else /* WITH_OPENSSL */
        fatal("Moduli screening is not supported");