upstream commit

Expand tildes in filenames passed to -i before checking
 whether or not the identity file exists.  This means that if the shell
 doesn't do the expansion (eg because the option and filename were given as a
 single argument) then we'll still add the key.  bz#2481, ok markus@

Upstream-ID: db1757178a14ac519e9a3e1a2dbd21113cb3bfc6

diff --git a/ssh.c b/ssh.c
index de4e615525e9294b3e86d6ab29bc5a50baf65fcf..cceb36e838ca0417d6b8d87126b6906a77ae34b8 100644 (file)
--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.428 2015/10/16 18:40:49 djm Exp $ */
+/* $OpenBSD: ssh.c,v 1.429 2015/10/25 23:42:00 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -714,13 +714,14 @@ main(int ac, char **av)
                        options.gss_deleg_creds = 1;
                        break;
                case 'i':
-                       if (stat(optarg, &st) < 0) {
+                       p = tilde_expand_filename(optarg, original_real_uid);
+                       if (stat(p, &st) < 0)
                                fprintf(stderr, "Warning: Identity file %s "
-                                   "not accessible: %s.\n", optarg,
+                                   "not accessible: %s.\n", p,
                                    strerror(errno));
-                               break;
-                       }
-                       add_identity_file(&options, NULL, optarg, 1);
+                       else
+                               add_identity_file(&options, NULL, p, 1);
+                       free(p);
                        break;
                case 'I':
 #ifdef ENABLE_PKCS11