check the inferred path is in /etc/signify

author: tedu <tedu@openbsd.org> 2014-03-16 18:03:19 +0000
committer: tedu <tedu@openbsd.org> 2014-03-16 18:03:19 +0000
commit: b0b02d106df0d23e1e72712a9e09ee738d22736e (patch)
tree: 06f1835a8f597bc6c473bbf5be8b486406ac0760
parent: start trusting the untrusted comment. (a little) (diff)
download: wireguard-openbsd-b0b02d106df0d23e1e72712a9e09ee738d22736e.tar.xz
wireguard-openbsd-b0b02d106df0d23e1e72712a9e09ee738d22736e.zip
1 files changed, 6 insertions, 3 deletions
diff --git a/usr.bin/signify/signify.c b/usr.bin/signify/signify.c
index 4d7474c427c..25b7ac6df7e 100644
--- a/usr.bin/signify/signify.c
+++ b/usr.bin/signify/signify.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: signify.c,v 1.51 2014/03/16 17:58:28 tedu Exp $ */
+/* $OpenBSD: signify.c,v 1.52 2014/03/16 18:03:19 tedu Exp $ */
 /*
  * Copyright (c) 2013 Ted Unangst <tedu@openbsd.org>
  *
@@ -461,9 +461,12 @@ verify(const char *pubkeyfile, const char *msgfile, const char *sigfile,
 		readb64file(sigfile, &sig, sizeof(sig), comment);
 	}
 	if (!pubkeyfile) {
-		if ((pubkeyfile = strstr(comment, VERIFYWITH)))
+		if ((pubkeyfile = strstr(comment, VERIFYWITH))) {
 			pubkeyfile += strlen(VERIFYWITH);
-		else
+			if (strstr(pubkeyfile, "/etc/signify") == NULL ||
+			    strstr(pubkeyfile, "..") != NULL)
+				errx(1, "untrusted path %s", pubkeyfile);
+		} else
 			usage("need pubkey");
 	}
 	readb64file(pubkeyfile, &pubkey, sizeof(pubkey), NULL);
author	tedu <tedu@openbsd.org>	2014-03-16 18:03:19 +0000
committer	tedu <tedu@openbsd.org>	2014-03-16 18:03:19 +0000
commit	b0b02d106df0d23e1e72712a9e09ee738d22736e (patch)
tree	06f1835a8f597bc6c473bbf5be8b486406ac0760
parent	start trusting the untrusted comment. (a little) (diff)
download	wireguard-openbsd-b0b02d106df0d23e1e72712a9e09ee738d22736e.tar.xz wireguard-openbsd-b0b02d106df0d23e1e72712a9e09ee738d22736e.zip