From f65d31e68023a9e2e703c69ef15b6ee890db74e2 Mon Sep 17 00:00:00 2001
From: tedu <tedu@openbsd.org>
Date: Tue, 6 May 2014 23:27:50 +0000
Subject: [PATCH] factor out the safepath

---
 usr.bin/signify/signify.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/usr.bin/signify/signify.c b/usr.bin/signify/signify.c
index db4a455667e..35098421504 100644
--- a/usr.bin/signify/signify.c
+++ b/usr.bin/signify/signify.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: signify.c,v 1.75 2014/05/06 23:24:19 tedu Exp $ */
+/* $OpenBSD: signify.c,v 1.76 2014/05/06 23:27:50 tedu Exp $ */
 /*
  * Copyright (c) 2013 Ted Unangst <tedu@openbsd.org>
  *
@@ -454,11 +454,12 @@ static void
 readpubkey(const char *pubkeyfile, struct pubkey *pubkey,
     const char *sigcomment)
 {
+	const char *safepath = "/etc/signify/";
 
 	if (!pubkeyfile) {
 		if ((pubkeyfile = strstr(sigcomment, VERIFYWITH))) {
 			pubkeyfile += strlen(VERIFYWITH);
-			if (strncmp(pubkeyfile, "/etc/signify/", 13) != 0 ||
+			if (strncmp(pubkeyfile, safepath, strlen(safepath)) != 0 ||
 			    strstr(pubkeyfile, "/../") != NULL)
 				errx(1, "untrusted path %s", pubkeyfile);
 		} else
-- 
2.20.1