Skip to content

Commit

Permalink
Merge branch 'TinCanTech-sanitize-path'
Browse files Browse the repository at this point in the history
Signed-off-by: Richard T Bonhomme <[email protected]>
  • Loading branch information
TinCanTech committed Aug 17, 2023
2 parents 98443c3 + 3bb013c commit c1ace38
Showing 1 changed file with 36 additions and 1 deletion.
37 changes: 36 additions & 1 deletion easyrsa3/easyrsa
Original file line number Diff line number Diff line change
Expand Up @@ -5867,6 +5867,9 @@ Algorithm '$EASYRSA_ALGO' is invalid: Must be 'rsa', 'ec' or 'ed'"

# Verify working environment
verify_working_env() {
# Do not allow demented paths, eg: '/' or '\'
sanitize_path

# Verify SSL Lib - One time ONLY
verify_ssl_lib

Expand Down Expand Up @@ -5923,6 +5926,38 @@ Temporary directory does not exist:
verbose "verify_working_env: COMPLETED"
} # => verify_working_env()

# Sanitize demented directory names
sanitize_path() {
# Sanitize PWD
verbose "Working dir: $PWD"
case "$PWD" in
*/|*\\|?:)
user_error "\
EasyRSA cannot be run in the root directory: $PWD"
esac

# Sanitize EASYRSA
verbose "EASYRSA: $EASYRSA"
case "$EASYRSA" in
*/|*\\|?:)
user_error "Invalid EASYRSA: $EASYRSA"
esac

# Sanitize EASYRSA_PKI
verbose "EASYRSA_PKI: $EASYRSA_PKI"
case "$EASYRSA_PKI" in
*/|*\\|?:)
user_error "Invalid EASYRSA_PKI: $EASYRSA_PKI"
esac

# Sanitize EASYRSA_TEMP_DIR
verbose "EASYRSA_TEMP_DIR: $EASYRSA_TEMP_DIR"
case "$EASYRSA_TEMP_DIR" in
*/|*\\|?:)
user_error "Invalid EASYRSA_TEMP_DIR: $EASYRSA_TEMP_DIR"
esac
} # => sanitize_path()

# variable assignment by indirection.
# Sets '$1' as the value contained in '$2'
# and exports (may be blank)
Expand All @@ -5935,7 +5970,7 @@ set_var() {
esac
eval "export \"$1\"=\"\${$1-$2}\"" && return
die "set_var - eval '$*'"
} #=> set_var()
} # => set_var()

# sanatize and set var
# nix.sh/win.sh/busybox.sh never return error from unset
Expand Down

0 comments on commit c1ace38

Please sign in to comment.