1 diff -Napru pfefferminzbonbon
2 --- src.orig/usr.bin/signify/signify.c 2020-08-22 20:11:21.055823405 +0200
3 +++ src/usr.bin/signify/signify.c 2020-08-22 20:15:28.105818708 +0200
4 @@ -49,6 +49,10 @@
5 #define COMMENTMAXLEN 1024
6 #define VERIFYWITH "verify with "
7
8 +#ifndef SIGNIFYROOT
9 +# define SIGNIFYROOT "/etc/signify"
10 +#endif
11 +
12 struct enckey {
13 uint8_t pkalg[2];
14 uint8_t kdfalg[2];
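Review bot: The new `SIGNIFYROOT` macro has no comment stating what a build-time override must look like, even though it becomes the directory public keys are loaded from when the key name comes from the signature comment. `readpubkey` in the third hunk forms its prefix as `SIGNIFYROOT "/"`, so a value passed with a trailing slash would produce a prefix that no written comment matches. I would add above the `#ifndef`: `/* Directory searched for public keys named in signature comments; absolute path, no trailing slash. */`. Since keys found there are used without the caller naming them, packagers overriding it should point it at a directory that only root can write to.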
15 @@ -411,7 +415,7 @@ createsig(const char *seckeyfile, const
16 else
17 keyname++;
18 nr = snprintf(sigcomment, sizeof(sigcomment),
19 - VERIFYWITH "%.*s.pub", (int)strlen(keyname) - 4, keyname);
20 + VERIFYWITH "%s/%.*s.pub", SIGNIFYROOT, (int)strlen(keyname) - 4, keyname);
21 if (nr == -1 || nr >= sizeof(sigcomment))
22 errx(1, "comment too long");
23 } else {
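Review bot: The comment written by the changed `snprintf` in `createsig` now embeds the signer's compile-time `SIGNIFYROOT`, which ties every signature to one verifier configuration. An unpatched signify rejects any `/` in the comment's key name (the removed `strchr(pubkeyfile, '/') == NULL` test in the third hunk ran on the whole string). A patched verifier built with a different root will not strip the prefix and then fails the same test, so both presumably fall back to requiring an explicit public key. Because the new `readpubkey` still accepts a bare name, keeping `VERIFYWITH "%.*s.pub"` here would preserve interoperability. If the full path is wanted, a comment such as `/* path is informational; verifiers with another SIGNIFYROOT need -p */` should say so. The enclosing function starts and ends outside the hunk.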
24 @@ -518,13 +522,20 @@ static void
25 readpubkey(const char *pubkeyfile, struct pubkey *pubkey,
26 const char *sigcomment, const char *keytype)
27 {
28 - const char *safepath = "/etc/signify";
29 + const char *safepath = SIGNIFYROOT "/";
30 char keypath[PATH_MAX];
31
32 if (!pubkeyfile) {
33 + size_t spl;
34 +
35 pubkeyfile = strstr(sigcomment, VERIFYWITH);
36 - if (pubkeyfile && strchr(pubkeyfile, '/') == NULL) {
37 - pubkeyfile += strlen(VERIFYWITH);
38 + if (!pubkeyfile)
39 + usage("must specify pubkey");
40 + pubkeyfile += strlen(VERIFYWITH);
41 + spl = strlen(safepath);
42 + if (strncmp(pubkeyfile, safepath, spl) == 0)
43 + pubkeyfile += spl;
44 + if (*pubkeyfile != '\0' && strchr(pubkeyfile, '/') == NULL) {
45 if (keytype)
46 check_keytype(pubkeyfile, keytype);
47 if (snprintf(keypath, sizeof(keypath), "%s/%s",
|