factor out the safepath
authortedu <tedu@openbsd.org>
Tue, 6 May 2014 23:27:50 +0000 (23:27 +0000)
committertedu <tedu@openbsd.org>
Tue, 6 May 2014 23:27:50 +0000 (23:27 +0000)
usr.bin/signify/signify.c

index db4a455..3509842 100644 (file)
@@ -1,4 +1,4 @@
-/* $OpenBSD: signify.c,v 1.75 2014/05/06 23:24:19 tedu Exp $ */
+/* $OpenBSD: signify.c,v 1.76 2014/05/06 23:27:50 tedu Exp $ */
 /*
  * Copyright (c) 2013 Ted Unangst <tedu@openbsd.org>
  *
@@ -454,11 +454,12 @@ static void
 readpubkey(const char *pubkeyfile, struct pubkey *pubkey,
     const char *sigcomment)
 {
+       const char *safepath = "/etc/signify/";
 
        if (!pubkeyfile) {
                if ((pubkeyfile = strstr(sigcomment, VERIFYWITH))) {
                        pubkeyfile += strlen(VERIFYWITH);
-                       if (strncmp(pubkeyfile, "/etc/signify/", 13) != 0 ||
+                       if (strncmp(pubkeyfile, safepath, strlen(safepath)) != 0 ||
                            strstr(pubkeyfile, "/../") != NULL)
                                errx(1, "untrusted path %s", pubkeyfile);
                } else
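Review bot: The new `safepath` constant is the trust boundary for key selection, yet it has no comment saying so; the path it guards comes from `sigcomment`, which presumably is read before any signature has been verified. I would add `/* keys named in a signature comment are only accepted from this directory */` above the declaration. That comment could also record what the check leaves out: `strstr(pubkeyfile, "/../")` matches only an interior component, so a name ending in `/..` passes, and symlinks are not resolved. The check therefore appears to rely on the directory's contents being controlled by the administrator. As a style point, `static const char safepath[]` with `sizeof(safepath) - 1` would keep the length tied to the literal without a runtime `strlen`; readpubkey's body continues outside the hunk.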