upstream commit

Expand tildes in filenames passed to -i before checking
 whether or not the identity file exists.  This means that if the shell
 doesn't do the expansion (eg because the option and filename were given as a
 single argument) then we'll still add the key.  bz#2481, ok markus@

Upstream-ID: db1757178a14ac519e9a3e1a2dbd21113cb3bfc6

1 files changed, 7 insertions, 6 deletions

diff --git a/ssh.c b/ssh.c
index de4e61552..cceb36e83 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.428 2015/10/16 18:40:49 djm Exp $ */
+/* $OpenBSD: ssh.c,v 1.429 2015/10/25 23:42:00 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -714,13 +714,14 @@ main(int ac, char **av)
                         options.gss_deleg_creds = 1;
                         break;
                 case 'i':
-                        if (stat(optarg, &st) < 0) {
+                        p = tilde_expand_filename(optarg, original_real_uid);
+                        if (stat(p, &st) < 0)
                                 fprintf(stderr, "Warning: Identity file %s "
-                                    "not accessible: %s.\n", optarg,
+                                    "not accessible: %s.\n", p,
                                     strerror(errno));
-                                break;
-                        }
-                        add_identity_file(&options, NULL, optarg, 1);
+                        else
+                                add_identity_file(&options, NULL, p, 1);
+                        free(p);
                         break;
                 case 'I':
 #ifdef ENABLE_PKCS11