upstream: actually hook up restrict_websafe; the command-line flag

author djm@openbsd.org <djm@openbsd.org>

Sat, 17 Sep 2022 10:11:29 +0000 (10:11 +0000)

committer Damien Miller <djm@mindrot.org>

Sat, 17 Sep 2022 10:37:20 +0000 (20:37 +1000)
author djm@openbsd.org <djm@openbsd.org>
Sat, 17 Sep 2022 10:11:29 +0000 (10:11 +0000)
committer Damien Miller <djm@mindrot.org>
Sat, 17 Sep 2022 10:37:20 +0000 (20:37 +1000)
diff --git a/ssh-agent.c b/ssh-agent.c

index 0aef07eb5df01e5f7c539957c10815dc7658e821..006ddad94ae11f6d328a5f2c92096a850ad627b9 100644 (file)
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-agent.c,v 1.291 2022/09/14 00:13:13 djm Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.292 2022/09/17 10:11:29 djm Exp $ */
  /*
   * Author: Tatu Ylonen <ylo@cs.hut.fi>
   * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -808,7 +808,8 @@ process_sign_request2(SocketEntry *e)
                 goto send;
         }
         if (sshkey_is_sk(id->key)) {
-               if (strncmp(id->key->sk_application, "ssh:", 4) != 0 &&
+               if (restrict_websafe &&
+                   strncmp(id->key->sk_application, "ssh:", 4) != 0 &&
                     !check_websafe_message_contents(key, data)) {
                         /* error already logged */
                         goto send;
author	djm@openbsd.org <djm@openbsd.org>
	Sat, 17 Sep 2022 10:11:29 +0000 (10:11 +0000)
committer	Damien Miller <djm@mindrot.org>
	Sat, 17 Sep 2022 10:37:20 +0000 (20:37 +1000)