From 3991a0cf947cf3ae0f0373bcec5a90e86a7152f5 Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org" <djm@openbsd.org>
Date: Sat, 17 Sep 2022 10:11:29 +0000
Subject: upstream: actually hook up restrict_websafe; the command-line flag

was never actually used. Spotted by Matthew Garrett

OpenBSD-Commit-ID: 0b363518ac4c2819dbaa3dfad4028633ab9cdff1
---
 ssh-agent.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/ssh-agent.c b/ssh-agent.c
index 0aef07eb..006ddad9 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-agent.c,v 1.291 2022/09/14 00:13:13 djm Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.292 2022/09/17 10:11:29 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -808,7 +808,8 @@ process_sign_request2(SocketEntry *e)
 		goto send;
 	}
 	if (sshkey_is_sk(id->key)) {
-		if (strncmp(id->key->sk_application, "ssh:", 4) != 0 &&
+		if (restrict_websafe &&
+		    strncmp(id->key->sk_application, "ssh:", 4) != 0 &&
 		    !check_websafe_message_contents(key, data)) {
 			/* error already logged */
 			goto send;
-- 
cgit v1.2.3