diff options
author | djm@openbsd.org <djm@openbsd.org> | 2022-09-17 10:11:29 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2022-09-17 20:37:20 +1000 |
commit | 3991a0cf947cf3ae0f0373bcec5a90e86a7152f5 (patch) | |
tree | d3b962c7dc2d29ac41f9c85df4a4ea40dbac353c | |
parent | 30b2a7e4291fb9e357f80a237931ff008d686d3b (diff) | |
download | openssh-git-3991a0cf947cf3ae0f0373bcec5a90e86a7152f5.tar.gz |
upstream: actually hook up restrict_websafe; the command-line flag
was never actually used. Spotted by Matthew Garrett
OpenBSD-Commit-ID: 0b363518ac4c2819dbaa3dfad4028633ab9cdff1
-rw-r--r-- | ssh-agent.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/ssh-agent.c b/ssh-agent.c index 0aef07eb..006ddad9 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-agent.c,v 1.291 2022/09/14 00:13:13 djm Exp $ */ +/* $OpenBSD: ssh-agent.c,v 1.292 2022/09/17 10:11:29 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -808,7 +808,8 @@ process_sign_request2(SocketEntry *e) goto send; } if (sshkey_is_sk(id->key)) { - if (strncmp(id->key->sk_application, "ssh:", 4) != 0 && + if (restrict_websafe && + strncmp(id->key->sk_application, "ssh:", 4) != 0 && !check_websafe_message_contents(key, data)) { /* error already logged */ goto send; |