upstream: actually hook up restrict_websafe; the command-line flag

was never actually used. Spotted by Matthew Garrett OpenBSD-Commit-ID: 0b363518ac4c2819dbaa3dfad4028633ab9cdff1
author: djm@openbsd.org <djm@openbsd.org> 2022-09-17 10:11:29 +0000
committer: Damien Miller <djm@mindrot.org> 2022-09-17 20:37:20 +1000
commit: 3991a0cf947cf3ae0f0373bcec5a90e86a7152f5 (patch)
tree: d3b962c7dc2d29ac41f9c85df4a4ea40dbac353c
parent: 30b2a7e4291fb9e357f80a237931ff008d686d3b (diff)
1 files changed, 3 insertions, 2 deletions
diff --git a/ssh-agent.c b/ssh-agent.c
index 0aef07eb..006ddad9 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-agent.c,v 1.291 2022/09/14 00:13:13 djm Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.292 2022/09/17 10:11:29 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -808,7 +808,8 @@ process_sign_request2(SocketEntry *e)
 		goto send;
 	}
 	if (sshkey_is_sk(id->key)) {
-		if (strncmp(id->key->sk_application, "ssh:", 4) != 0 &&
+		if (restrict_websafe &&
+		    strncmp(id->key->sk_application, "ssh:", 4) != 0 &&
 		    !check_websafe_message_contents(key, data)) {
 			/* error already logged */
 			goto send;
author	djm@openbsd.org <djm@openbsd.org>	2022-09-17 10:11:29 +0000
committer	Damien Miller <djm@mindrot.org>	2022-09-17 20:37:20 +1000
commit	3991a0cf947cf3ae0f0373bcec5a90e86a7152f5 (patch)
tree	d3b962c7dc2d29ac41f9c85df4a4ea40dbac353c
parent	30b2a7e4291fb9e357f80a237931ff008d686d3b (diff)