diff options
author | Jason A. Donenfeld <Jason@zx2c4.com> | 2018-06-25 19:47:49 +0200 |
---|---|---|
committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2018-06-25 19:48:16 +0200 |
commit | 367efa5846492e1b0898aad8a2c26ce94163ba24 (patch) | |
tree | ae8344185092e4e89280101d0e734cc9c43384fe | |
parent | 629eaadc213e2a1b9c95a6a50f63b35245e25865 (diff) |
Do not put passwords in herestrings
Bash sometimes writes these into temporary files, which isn't okay.
-rwxr-xr-x | src/password-store.sh | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/src/password-store.sh b/src/password-store.sh index 8b6134e..715dc93 100755 --- a/src/password-store.sh +++ b/src/password-store.sh @@ -447,7 +447,7 @@ cmd_insert() { read -r -p "Retype password for $path: " -s password_again || exit 1 echo if [[ $password == "$password_again" ]]; then - $GPG -e "${GPG_RECIPIENT_ARGS[@]}" -o "$passfile" "${GPG_OPTS[@]}" <<<"$password" || die "Password encryption aborted." + echo "$password" | $GPG -e "${GPG_RECIPIENT_ARGS[@]}" -o "$passfile" "${GPG_OPTS[@]}" || die "Password encryption aborted." break else die "Error: the entered passwords do not match." @@ -456,7 +456,7 @@ cmd_insert() { else local password read -r -p "Enter password for $path: " -e password - $GPG -e "${GPG_RECIPIENT_ARGS[@]}" -o "$passfile" "${GPG_OPTS[@]}" <<<"$password" || die "Password encryption aborted." + echo "$password" | $GPG -e "${GPG_RECIPIENT_ARGS[@]}" -o "$passfile" "${GPG_OPTS[@]}" || die "Password encryption aborted." fi git_add_file "$passfile" "Add given password for $path to store." } @@ -519,7 +519,7 @@ cmd_generate() { read -r -n $length pass < <(LC_ALL=C tr -dc "$characters" < /dev/urandom) [[ ${#pass} -eq $length ]] || die "Could not generate password from /dev/urandom." if [[ $inplace -eq 0 ]]; then - $GPG -e "${GPG_RECIPIENT_ARGS[@]}" -o "$passfile" "${GPG_OPTS[@]}" <<<"$pass" || die "Password encryption aborted." + echo "$pass" | $GPG -e "${GPG_RECIPIENT_ARGS[@]}" -o "$passfile" "${GPG_OPTS[@]}" || die "Password encryption aborted." else local passfile_temp="${passfile}.tmp.${RANDOM}.${RANDOM}.${RANDOM}.${RANDOM}.--" if { echo "$pass"; $GPG -d "${GPG_OPTS[@]}" "$passfile" | tail -n +2; } | $GPG -e "${GPG_RECIPIENT_ARGS[@]}" -o "$passfile_temp" "${GPG_OPTS[@]}"; then |