diff options
| author | Stacey Sheldon <stac@solidgoldbomb.org> | 2017-07-23 15:37:33 -0400 | 
|---|---|---|
| committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2017-10-13 20:21:40 +0200 | 
| commit | 7252e8b3cf829e908179913daad16ff2b8bdefdd (patch) | |
| tree | bfc323e70496d7728971e728e8e306340f5196e4 /Makefile | |
| parent | c1b3ff04425844ed88fac2a634232bdb8e2662bc (diff) | |
protect dirname calls from pass-names that look like command-line options
With the $path variable being passed directly to dirname, any pass-names
provided by the user that happened to look like options to dirname would
be processed as options rather than as the path to be split.
This results in a real mess when you happen to run one of:
  pass edit --help
  pass generate --help
  pass insert --help
then in the cmd_foo() function, you have:
   mkdir -p -v "$PREFIX/$(dirname --help)"
which (due to the -p option to mkdir) results in the creation of an
entire directory hierarchy made up of the slash-separated help text from
dirname.
Diffstat (limited to 'Makefile')
0 files changed, 0 insertions, 0 deletions