upstream: use path_absolute() for pathname checks; from Manoj Ampalam

OpenBSD-Commit-ID: 482ce71a5ea5c5f3bc4d00fd719481a6a584d925
author: djm@openbsd.org <djm@openbsd.org> 2018-11-16 03:26:01 +0000
committer: Damien Miller <djm@mindrot.org> 2018-11-16 14:37:33 +1100
commit: 2a35862e664afde774d4a72497d394fe7306ccb5 (patch)
tree: 501d6d170178b037829003b76cbd32e23e6080bb /auth.c
parent: d0d1dfa55be1c5c0d77ab3096b198a64235f936d (diff)
1 files changed, 3 insertions, 3 deletions
diff --git a/auth.c b/auth.c
index 3ca3762cc..18d0857ff 100644
--- a/auth.c
+++ b/auth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.c,v 1.133 2018/09/12 01:19:12 djm Exp $ */
+/* $OpenBSD: auth.c,v 1.134 2018/11/16 03:26:01 djm Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl.  All rights reserved.
 *
@@ -437,7 +437,7 @@ expand_authorized_keys(const char *filename, struct passwd *pw)
         * Ensure that filename starts anchored. If not, be backward
         * compatible and prepend the '%h/'
         */
-        if (*file == '/')
+        if (path_absolute(file))
                return (file);
        i = snprintf(ret, sizeof(ret), "%s/%s", pw->pw_dir, file);
@@ -893,7 +893,7 @@ subprocess(const char *tag, struct passwd *pw, const char *command,
         * If executing an explicit binary, then verify the it exists
         * and appears safe-ish to execute
         */
-        if (*av[0] != '/') {
+        if (!path_absolute(av[0])) {
                error("%s path is not absolute", tag);
                return 0;
        }
author	djm@openbsd.org <djm@openbsd.org>	2018-11-16 03:26:01 +0000
committer	Damien Miller <djm@mindrot.org>	2018-11-16 14:37:33 +1100
commit	2a35862e664afde774d4a72497d394fe7306ccb5 (patch)
tree	501d6d170178b037829003b76cbd32e23e6080bb /auth.c
parent	d0d1dfa55be1c5c0d77ab3096b198a64235f936d (diff)

diff --git a/auth.c b/auth.c index 3ca3762cc..18d0857ff 100644 --- a/auth.c +++ b/auth.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: auth.c,v 1.133 2018/09/12 01:19:12 djm Exp $ */	1	/* $OpenBSD: auth.c,v 1.134 2018/11/16 03:26:01 djm Exp $ */
2	/*	2	/*
3	* Copyright (c) 2000 Markus Friedl. All rights reserved.	3	* Copyright (c) 2000 Markus Friedl. All rights reserved.
4	*	4	*
@@ -437,7 +437,7 @@ expand_authorized_keys(const char filename, struct passwd pw)
437	* Ensure that filename starts anchored. If not, be backward	437	* Ensure that filename starts anchored. If not, be backward
438	* compatible and prepend the '%h/'	438	* compatible and prepend the '%h/'
439	*/	439	*/
440	if (*file == '/')	440	if (path_absolute(file))
441	return (file);	441	return (file);
442		442
443	i = snprintf(ret, sizeof(ret), "%s/%s", pw->pw_dir, file);	443	i = snprintf(ret, sizeof(ret), "%s/%s", pw->pw_dir, file);
@@ -893,7 +893,7 @@ subprocess(const char tag, struct passwd pw, const char *command,
893	* If executing an explicit binary, then verify the it exists	893	* If executing an explicit binary, then verify the it exists
894	* and appears safe-ish to execute	894	* and appears safe-ish to execute
895	*/	895	*/
896	if (*av[0] != '/') {	896	if (!path_absolute(av[0])) {
897	error("%s path is not absolute", tag);	897	error("%s path is not absolute", tag);
898	return 0;	898	return 0;
899	}	899	}