upstream: use path_absolute() for pathname checks; from Manoj Ampalam

OpenBSD-Commit-ID: 482ce71a5ea5c5f3bc4d00fd719481a6a584d925
author: djm@openbsd.org <djm@openbsd.org> 2018-11-16 04:26:01 +0100
committer: Damien Miller <djm@mindrot.org> 2018-11-16 04:37:33 +0100
commit: 2a35862e664afde774d4a72497d394fe7306ccb5 (patch)
tree: 501d6d170178b037829003b76cbd32e23e6080bb /auth.c
parent: Test for OPENSSL_init_crypto before using. (diff)
download: openssh-2a35862e664afde774d4a72497d394fe7306ccb5.tar.xz
openssh-2a35862e664afde774d4a72497d394fe7306ccb5.zip
1 files changed, 3 insertions, 3 deletions
diff --git a/auth.c b/auth.c
index 3ca3762cc..18d0857ff 100644
--- a/auth.c
+++ b/auth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.c,v 1.133 2018/09/12 01:19:12 djm Exp $ */
+/* $OpenBSD: auth.c,v 1.134 2018/11/16 03:26:01 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -437,7 +437,7 @@ expand_authorized_keys(const char *filename, struct passwd *pw)
 	 * Ensure that filename starts anchored. If not, be backward
 	 * compatible and prepend the '%h/'
 	 */
-	if (*file == '/')
+	if (path_absolute(file))
 		return (file);
 
 	i = snprintf(ret, sizeof(ret), "%s/%s", pw->pw_dir, file);
@@ -893,7 +893,7 @@ subprocess(const char *tag, struct passwd *pw, const char *command,
 	 * If executing an explicit binary, then verify the it exists
 	 * and appears safe-ish to execute
 	 */
-	if (*av[0] != '/') {
+	if (!path_absolute(av[0])) {
 		error("%s path is not absolute", tag);
 		return 0;
 	}
author	djm@openbsd.org <djm@openbsd.org>	2018-11-16 04:26:01 +0100
committer	Damien Miller <djm@mindrot.org>	2018-11-16 04:37:33 +0100
commit	2a35862e664afde774d4a72497d394fe7306ccb5 (patch)
tree	501d6d170178b037829003b76cbd32e23e6080bb /auth.c
parent	Test for OPENSSL_init_crypto before using. (diff)
download	openssh-2a35862e664afde774d4a72497d394fe7306ccb5.tar.xz openssh-2a35862e664afde774d4a72497d394fe7306ccb5.zip