upstream: use path_absolute() for pathname checks; from Manoj Ampalam

OpenBSD-Commit-ID: 482ce71a5ea5c5f3bc4d00fd719481a6a584d925

8 files changed, 25 insertions, 17 deletions

diff --git a/auth.c b/auth.c
index 3ca3762cc..18d0857ff 100644
--- a/auth.c
+++ b/auth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.c,v 1.133 2018/09/12 01:19:12 djm Exp $ */
+/* $OpenBSD: auth.c,v 1.134 2018/11/16 03:26:01 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -437,7 +437,7 @@ expand_authorized_keys(const char *filename, struct passwd *pw)
          * Ensure that filename starts anchored. If not, be backward
          * compatible and prepend the '%h/'
          */
-        if (*file == '/')
+        if (path_absolute(file))
                 return (file);
 
         i = snprintf(ret, sizeof(ret), "%s/%s", pw->pw_dir, file);
@@ -893,7 +893,7 @@ subprocess(const char *tag, struct passwd *pw, const char *command,
          * If executing an explicit binary, then verify the it exists
          * and appears safe-ish to execute
          */
-        if (*av[0] != '/') {
+        if (!path_absolute(av[0])) {
                 error("%s path is not absolute", tag);
                 return 0;
         }
diff --git a/misc.c b/misc.c
index bdc06fdb3..dd74c8d45 100644
--- a/misc.c
+++ b/misc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: misc.c,v 1.133 2018/10/05 14:26:09 naddy Exp $ */
+/* $OpenBSD: misc.c,v 1.134 2018/11/16 03:26:01 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  * Copyright (c) 2005,2006 Damien Miller.  All rights reserved.
@@ -2037,3 +2037,10 @@ format_absolute_time(uint64_t t, char *buf, size_t len)
         localtime_r(&tt, &tm);
         strftime(buf, len, "%Y-%m-%dT%H:%M:%S", &tm);
 }
+
+/* check if path is absolute */
+int
+path_absolute(const char *path)
+{
+        return (*path == '/') ? 1 : 0;
+}
diff --git a/misc.h b/misc.h
index 31b207a8d..bcae6a509 100644
--- a/misc.h
+++ b/misc.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: misc.h,v 1.75 2018/10/03 06:38:35 djm Exp $ */
+/* $OpenBSD: misc.h,v 1.76 2018/11/16 03:26:01 djm Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -78,6 +78,7 @@ int	 valid_env_name(const char *);
 const char *atoi_err(const char *, int *);
 int      parse_absolute_time(const char *, uint64_t *);
 void     format_absolute_time(uint64_t, char *, size_t);
+int      path_absolute(const char *);
 
 void     sock_set_v6only(int);
 
diff --git a/readconf.c b/readconf.c
index 433811521..7850f2f59 100644
--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.300 2018/10/05 14:26:09 naddy Exp $ */
+/* $OpenBSD: readconf.c,v 1.301 2018/11/16 03:26:01 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1521,7 +1521,7 @@ parse_keytypes:
                         if (*arg == '~' && (flags & SSHCONF_USERCONF) == 0)
                                 fatal("%.200s line %d: bad include path %s.",
                                     filename, linenum, arg);
-                        if (*arg != '/' && *arg != '~') {
+                        if (!path_absolute(arg) && *arg != '~') {
                                 xasprintf(&arg2, "%s/%s",
                                     (flags & SSHCONF_USERCONF) ?
                                     "~/" _PATH_SSH_USER_DIR : SSHDIR, arg);
diff --git a/servconf.c b/servconf.c
index 932d363bb..a8727c0fa 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1,5 +1,5 @@
 
-/* $OpenBSD: servconf.c,v 1.342 2018/09/20 23:40:16 djm Exp $ */
+/* $OpenBSD: servconf.c,v 1.343 2018/11/16 03:26:01 djm Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  *                    All rights reserved
@@ -702,7 +702,7 @@ derelativise_path(const char *path)
         if (strcasecmp(path, "none") == 0)
                 return xstrdup("none");
         expanded = tilde_expand_filename(path, getuid());
-        if (*expanded == '/')
+        if (path_absolute(expanded))
                 return expanded;
         if (getcwd(cwd, sizeof(cwd)) == NULL)
                 fatal("%s: getcwd: %s", __func__, strerror(errno));
diff --git a/session.c b/session.c
index 2d0958d11..a3f0b3562 100644
--- a/session.c
+++ b/session.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: session.c,v 1.307 2018/10/04 00:10:11 djm Exp $ */
+/* $OpenBSD: session.c,v 1.308 2018/11/16 03:26:01 djm Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  *                    All rights reserved
@@ -1334,7 +1334,7 @@ safely_chroot(const char *path, uid_t uid)
         char component[PATH_MAX];
         struct stat st;
 
-        if (*path != '/')
+        if (!path_absolute(path))
                 fatal("chroot path does not begin at root");
         if (strlen(path) >= sizeof(component))
                 fatal("chroot path too long");
diff --git a/sftp.c b/sftp.c
index e3091969c..ed95cf817 100644
--- a/sftp.c
+++ b/sftp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sftp.c,v 1.187 2018/11/16 02:30:20 djm Exp $ */
+/* $OpenBSD: sftp.c,v 1.188 2018/11/16 03:26:01 djm Exp $ */
 /*
  * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
  *
@@ -389,7 +389,7 @@ make_absolute(char *p, const char *pwd)
         char *abs_str;
 
         /* Derelativise */
-        if (p && p[0] != '/') {
+        if (p && !path_absolute(p)) {
                 abs_str = path_append(pwd, p);
                 free(p);
                 return(abs_str);
@@ -1623,7 +1623,7 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd,
 
                 /* Strip pwd off beginning of non-absolute paths */
                 tmp = NULL;
-                if (*path1 != '/')
+                if (!path_absolute(path1))
                         tmp = *pwd;
 
                 path1 = make_absolute(path1, *pwd);
@@ -1951,7 +1951,7 @@ complete_match(EditLine *el, struct sftp_conn *conn, char *remote_path,
                 xasprintf(&tmp, "%s*", file);
 
         /* Check if the path is absolute. */
-        isabs = tmp[0] == '/';
+        isabs = path_absolute(tmp);
 
         memset(&g, 0, sizeof(g));
         if (remote != LOCAL) {
diff --git a/sshd.c b/sshd.c
index 66e79a3d2..362736977 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.517 2018/10/23 05:56:35 djm Exp $ */
+/* $OpenBSD: sshd.c,v 1.518 2018/11/16 03:26:01 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1624,7 +1624,7 @@ main(int ac, char **av)
         }
         if (rexeced_flag || inetd_flag)
                 rexec_flag = 0;
-        if (!test_flag && (rexec_flag && (av[0] == NULL || *av[0] != '/')))
+        if (!test_flag && rexec_flag && !path_absolute(av[0]))
                 fatal("sshd re-exec requires execution with an absolute path");
         if (rexeced_flag)
                 closefrom(REEXEC_MIN_FREE_FD);