===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/auth.c,v
retrieving revision 1.11.2.5
retrieving revision 1.11.2.6
diff -u -r1.11.2.5 -r1.11.2.6
--- src/usr.bin/ssh/auth.c 2001/09/27 00:15:41 1.11.2.5
+++ src/usr.bin/ssh/auth.c 2001/11/15 00:14:59 1.11.2.6
@@ -23,7 +23,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: auth.c,v 1.11.2.5 2001/09/27 00:15:41 miod Exp $");
+RCSID("$OpenBSD: auth.c,v 1.11.2.6 2001/11/15 00:14:59 miod Exp $");
 #include
@@ -311,7 +311,7 @@
 char *err, size_t errlen)
 {
 uid_t uid = pw->pw_uid;
- char buf[MAXPATHLEN];
+ char buf[MAXPATHLEN], homedir[MAXPATHLEN];
 char *cp;
 struct stat st;
@@ -320,6 +320,11 @@
 strerror(errno));
 return -1;
 }
+ if (realpath(pw->pw_dir, homedir) == NULL) {
+ snprintf(err, errlen, "realpath %s failed: %s", pw->pw_dir,
+ strerror(errno));
+ return -1;
+ }
 /* check the open file to avoid races */
 if (fstat(fileno(f), &st) < 0 ||
@@ -348,7 +353,7 @@
 }
 /* If are passed the homedir then we can stop */
- if (strcmp(pw->pw_dir, buf) == 0) {
+ if (strcmp(homedir, buf) == 0) {
 debug3("secure_filename: terminating check at '%s'", buf);
 break;
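Review bot: The new `realpath(pw->pw_dir, homedir)` block in the `-320,6 +320,11` hunk has no comment saying why the home directory is canonicalised, and that reason is security-relevant. The walk in the last hunk now stops at the resolved home directory rather than the literal `pw->pw_dir`, so if the passwd entry goes through a symlink, the directories above the symlink's target are never inspected. I would put `/* resolve symlinks in the home directory so it compares equal to the canonical file name; directories above it are not checked */` above the call. The failure path returns -1, so an unresolvable home directory fails closed, which is the right default and worth keeping. `buf` is presumably the `realpath()` output for the file, but that call and the rest of the function lie outside these hunks.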
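Review bot: The comment above the changed `strcmp` in the `-348,7 +353,7` hunk still reads "If are passed the homedir then we can stop", which is ungrammatical and no longer says which form of the path is compared. Since this line is being touched anyway, I would change it to `/* If we have reached the canonical homedir then we can stop */`. The loop around this test starts and ends outside the hunk, so whether the home directory itself is checked before the `break` cannot be confirmed from here.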