===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/auth-options.c,v
retrieving revision 1.61
retrieving revision 1.62
diff -u -r1.61 -r1.62
--- src/usr.bin/ssh/auth-options.c	2013/11/08 00:39:14	1.61
+++ src/usr.bin/ssh/auth-options.c	2013/12/19 00:27:57	1.62
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-options.c,v 1.61 2013/11/08 00:39:14 djm Exp $ */
+/* $OpenBSD: auth-options.c,v 1.62 2013/12/19 00:27:57 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -430,7 +430,7 @@
 	u_char *data_blob = NULL;
 	u_int nlen, dlen, clen;
 	Buffer c, data;
-	int ret = -1, found;
+	int ret = -1, result, found;
 
 	buffer_init(&data);
 
@@ -499,11 +499,12 @@
 					goto out;
 				}
 				remote_ip = get_remote_ipaddr();
-				switch (addr_match_cidr_list(remote_ip,
-				    allowed)) {
+				result = addr_match_cidr_list(remote_ip,
+				    allowed);
+				free(allowed);
+				switch (result) {
 				case 1:
 					/* accepted */
-					free(allowed);
 					break;
 				case 0:
 					/* no match */
@@ -516,12 +517,11 @@
 					    "is not permitted to use this "
 					    "certificate for login.",
 					    remote_ip);
-					free(allowed);
 					goto out;
 				case -1:
+				default:
 					error("Certificate source-address "
 					    "contents invalid");
-					free(allowed);
 					goto out;
 				}
 				found = 1;