===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/signify/signify.c,v
retrieving revision 1.89
retrieving revision 1.90
diff -c -r1.89 -r1.90
*** src/usr.bin/signify/signify.c 2014/05/30 21:17:42 1.89
--- src/usr.bin/signify/signify.c 2014/05/30 21:20:49 1.90
***************
*** 1,4 ****
! /* $OpenBSD: signify.c,v 1.89 2014/05/30 21:17:42 tedu Exp $ */
/* * Copyright (c) 2013 Ted Unangst *
--- 1,4 ----
! /* $OpenBSD: signify.c,v 1.90 2014/05/30 21:20:49 tedu Exp $ */
/* * Copyright (c) 2013 Ted Unangst *
***************
*** 380,386 ****
explicit_bzero(&enckey, sizeof(enckey)); memcpy(sig.pkalg, PKALG, 2);
! if ((secname = strstr(seckeyfile, ".sec")) && strlen(secname) == 4) {
if (snprintf(sigcomment, sizeof(sigcomment), VERIFYWITH "%.*s.pub", (int)strlen(seckeyfile) - 4, seckeyfile) >= sizeof(sigcomment)) errx(1, "comment too long");
--- 380,387 ----
explicit_bzero(&enckey, sizeof(enckey)); memcpy(sig.pkalg, PKALG, 2);
! secname = strstr(seckeyfile, ".sec");
! if (secname && strlen(secname) == 4) {
if (snprintf(sigcomment, sizeof(sigcomment), VERIFYWITH "%.*s.pub", (int)strlen(seckeyfile) - 4, seckeyfile) >= sizeof(sigcomment)) errx(1, "comment too long");
***************
*** 456,462 ****
const char *safepath = "/etc/signify/"; if (!pubkeyfile) {
! if ((pubkeyfile = strstr(sigcomment, VERIFYWITH))) {
pubkeyfile += strlen(VERIFYWITH); if (strncmp(pubkeyfile, safepath, strlen(safepath)) != 0 || strstr(pubkeyfile, "/../") != NULL)
--- 457,464 ----
const char *safepath = "/etc/signify/"; if (!pubkeyfile) {
! pubkeyfile = strstr(sigcomment, VERIFYWITH);
! if (pubkeyfile) {
pubkeyfile += strlen(VERIFYWITH); if (strncmp(pubkeyfile, safepath, strlen(safepath)) != 0 || strstr(pubkeyfile, "/../") != NULL)
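Review bot: The `.sec` suffix test in the hunk at new lines 380-387 still relies on `strstr`, which returns the first occurrence of ".sec" in `seckeyfile`, so a path with an earlier ".sec" (constructed example: a directory named `.secrets`) fails `strlen(secname) == 4` even when the file name itself ends in `.sec`, and the `VERIFYWITH` comment built by the `snprintf` is skipped. Comparing the tail directly avoids that: `size_t len = strlen(seckeyfile);` followed by `if (len >= 4 && strcmp(seckeyfile + len - 4, ".sec") == 0) {`. The enclosing function starts and ends outside the hunk, so what is written to `sigcomment` when the test fails is not visible here.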
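Review bot: The block at new lines 457-464 would benefit from a comment stating the trust boundary: when no key file is supplied, `pubkeyfile` is taken from `sigcomment`, which appears to be read from the signature file before anything has been verified, and the `safepath` prefix test plus the `"/../"` test are the only constraints on it. Suggested comment above `pubkeyfile = strstr(sigcomment, VERIFYWITH);`: `/* key path comes from the unverified comment; accept it only under safepath */`. Both tests are lexical, so they do not account for symbolic links inside `/etc/signify/`; that is worth stating in the same comment if the directory is assumed to be administrator-controlled. The body of the inner `if` and the rest of the function lie outside the hunk.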