[BACK]Return to signify.c CVS log [TXT][DIR] Up to [local] / src / usr.bin / signify

Diff for /src/usr.bin/signify/signify.c between version 1.75 and 1.76

version 1.75, 2014/05/06 23:24:19 version 1.76, 2014/05/06 23:27:50
Line 454 
Line 454 
 readpubkey(const char *pubkeyfile, struct pubkey *pubkey,  readpubkey(const char *pubkeyfile, struct pubkey *pubkey,
     const char *sigcomment)      const char *sigcomment)
 {  {
           const char *safepath = "/etc/signify/";
   
         if (!pubkeyfile) {          if (!pubkeyfile) {
                 if ((pubkeyfile = strstr(sigcomment, VERIFYWITH))) {                  if ((pubkeyfile = strstr(sigcomment, VERIFYWITH))) {
                         pubkeyfile += strlen(VERIFYWITH);                          pubkeyfile += strlen(VERIFYWITH);
                         if (strncmp(pubkeyfile, "/etc/signify/", 13) != 0 ||                          if (strncmp(pubkeyfile, safepath, strlen(safepath)) != 0 ||
                             strstr(pubkeyfile, "/../") != NULL)                              strstr(pubkeyfile, "/../") != NULL)
                                 errx(1, "untrusted path %s", pubkeyfile);                                  errx(1, "untrusted path %s", pubkeyfile);
                 } else                  } else
Legend:
Removed from v.1.75  
changed lines
  Added in v.1.76