use path_absolute() for pathname checks; from Manoj Ampalam

author: djm <djm@openbsd.org> 2018-11-16 03:26:01 +0000
committer: djm <djm@openbsd.org> 2018-11-16 03:26:01 +0000
commit: 655987b9ca8c40c15e95707cdf42c2f6dbd94e1f (patch)
tree: 28a0ef4a78ba482b2597a55b54d5be34a1410c70 /usr.bin/ssh/auth.c
parent: disallow empty incoming filename or ones that refer to the current (diff)
download: wireguard-openbsd-655987b9ca8c40c15e95707cdf42c2f6dbd94e1f.tar.xz
wireguard-openbsd-655987b9ca8c40c15e95707cdf42c2f6dbd94e1f.zip
1 files changed, 3 insertions, 3 deletions
diff --git a/usr.bin/ssh/auth.c b/usr.bin/ssh/auth.c
index e73ecef7545..2c397903a58 100644
--- a/usr.bin/ssh/auth.c
+++ b/usr.bin/ssh/auth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.c,v 1.133 2018/09/12 01:19:12 djm Exp $ */
+/* $OpenBSD: auth.c,v 1.134 2018/11/16 03:26:01 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -347,7 +347,7 @@ expand_authorized_keys(const char *filename, struct passwd *pw)
 	 * Ensure that filename starts anchored. If not, be backward
 	 * compatible and prepend the '%h/'
 	 */
-	if (*file == '/')
+	if (path_absolute(file))
 		return (file);
 
 	i = snprintf(ret, sizeof(ret), "%s/%s", pw->pw_dir, file);
@@ -759,7 +759,7 @@ subprocess(const char *tag, struct passwd *pw, const char *command,
 	 * If executing an explicit binary, then verify the it exists
 	 * and appears safe-ish to execute
 	 */
-	if (*av[0] != '/') {
+	if (!path_absolute(av[0])) {
 		error("%s path is not absolute", tag);
 		return 0;
 	}
author	djm <djm@openbsd.org>	2018-11-16 03:26:01 +0000
committer	djm <djm@openbsd.org>	2018-11-16 03:26:01 +0000
commit	655987b9ca8c40c15e95707cdf42c2f6dbd94e1f (patch)
tree	28a0ef4a78ba482b2597a55b54d5be34a1410c70 /usr.bin/ssh/auth.c
parent	disallow empty incoming filename or ones that refer to the current (diff)
download	wireguard-openbsd-655987b9ca8c40c15e95707cdf42c2f6dbd94e1f.tar.xz wireguard-openbsd-655987b9ca8c40c15e95707cdf42c2f6dbd94e1f.zip