Diffstat (limited to 'ssh-agent.c')
-rw-r--r-- | ssh-agent.c | 26 |
1 files changed, 19 insertions, 7 deletions
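--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-agent.c,v 1.253 2020/01/25 00:03:36 djm Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.254 2020/01/25 00:06:48 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -430,6 +430,7 @@ process_add_identity(SocketEntry *e)
 int success = 0, confirm = 0;
 u_int seconds, maxsign;
 char *fp, *comment = NULL, *ext_name = NULL, *sk_provider = NULL;
+char canonical_provider[PATH_MAX];
 time_t death = 0;
 struct sshkey *k = NULL;
 u_char ctype;
@@ -514,14 +515,25 @@ process_add_identity(SocketEntry *e)
 free(sk_provider);
 goto send;
 }
-if (strcasecmp(sk_provider, "internal") == 0)
+if (strcasecmp(sk_provider, "internal") == 0) {
 debug("%s: internal provider", __func__);
-else if (match_pattern_list(sk_provider,
-provider_whitelist, 0) != 1) {
-error("Refusing add key: provider %s not whitelisted",
-sk_provider);
+} else {
+if (realpath(sk_provider, canonical_provider) == NULL) {
+verbose("failed provider \"%.100s\": "
+"realpath: %s", sk_provider,
+strerror(errno));
+free(sk_provider);
+goto send;
+}
 free(sk_provider);
-goto send;
+sk_provider = xstrdup(canonical_provider);
+if (match_pattern_list(sk_provider,
+provider_whitelist, 0) != 1) {
+error("Refusing add key: "
+"provider %s not whitelisted", sk_provider);
+free(sk_provider);
+goto send;
+}
 }
 }
 if ((r = sshkey_shield_private(k)) != 0) {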
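Review bot: In the third hunk the realpath() failure branch logs with `verbose()`, while the whitelist refusal just below it uses `error()`, so a provider path that is rejected because it cannot be resolved is less visible in agent logs than one that resolves and is then refused. Both are refusals to add a key for a client-supplied provider path, so I would log them at the same level, e.g. `error("Refusing add key: provider \"%.100s\": realpath: %s", sk_provider, strerror(errno));`. The new block also has no comment saying why the path is canonicalised first; something like `/* match the whitelist against the resolved path so ".." components and symlinks cannot satisfy a pattern */` above the realpath() call would keep a later refactor from moving the match back onto the raw string. The check resolves the path when the key is added; whether the file at that path could still change before the provider is loaded depends on code outside this hunk, and presumably relies on the whitelisted directories not being writable by the requesting user. process_add_identity starts and ends outside the hunks shown.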