actually hook up restrict_websafe; the command-line flag was
authordjm <djm@openbsd.org>
Sat, 17 Sep 2022 10:11:29 +0000 (10:11 +0000)
committerdjm <djm@openbsd.org>
Sat, 17 Sep 2022 10:11:29 +0000 (10:11 +0000)
never actually used. Spotted by Matthew Garrett

usr.bin/ssh/ssh-agent.c

index 27f2442..9b0dcff 100644 (file)
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-agent.c,v 1.291 2022/09/14 00:13:13 djm Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.292 2022/09/17 10:11:29 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -795,7 +795,8 @@ process_sign_request2(SocketEntry *e)
                goto send;
        }
        if (sshkey_is_sk(id->key)) {
-               if (strncmp(id->key->sk_application, "ssh:", 4) != 0 &&
+               if (restrict_websafe &&
+                   strncmp(id->key->sk_application, "ssh:", 4) != 0 &&
                    !check_websafe_message_contents(key, data)) {
                        /* error already logged */
                        goto send;
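Review bot: The condition beginning `if (restrict_websafe &&` in process_sign_request2 carries no comment stating what is relaxed when the flag is cleared, and it is the only enforcement point this hunk shows. I would add above it `/* Unless disabled on the command line, FIDO keys whose application does not start with "ssh:" may only sign messages accepted by check_websafe_message_contents() */`. With the restriction off, the `&&` chain short-circuits before the content check, so any client that can reach the agent socket (a forwarded agent included) can ask such a key to sign data that is not inspected here; a debug-level log line on that path would make the relaxed mode visible in audits. Since the flag was previously never consulted, a regression test covering both settings seems worth adding, though the test layout is not visible from this page. The function body starts and ends outside the hunk.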