diff options
author | Jason A. Donenfeld <Jason@zx2c4.com> | 2014-04-18 13:22:39 +0200 |
---|---|---|
committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2014-04-18 13:22:39 +0200 |
commit | 1edc1a7ecc74798484b690db0f88b9ac30120162 (patch) | |
tree | 4d5e4482a22e1df0f83fdef386903e6231786953 /src | |
parent | 8066a2b222a31cf5ac217de5e26a267a2100940e (diff) |
Check sneaky paths.
Diffstat (limited to 'src')
-rwxr-xr-x | src/password-store.sh | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/src/password-store.sh b/src/password-store.sh index f80f026..4874175 100755 --- a/src/password-store.sh +++ b/src/password-store.sh @@ -114,6 +114,14 @@ reencrypt_path() { prev_gpg_recipients="${GPG_RECIPIENTS[@]}" done } +check_sneaky_paths() { + for path in "$@"; do + if [[ $path =~ /\.\.$ || $path =~ ^\.\./ || $path =~ /\.\./ || $path =~ ^\.\.$ ]]; then + echo "Error: You've attempted to pass a sneaky path to pass. Go home." + exit 1 + fi + done +} # # END helper functions @@ -256,6 +264,7 @@ cmd_init() { echo "Usage: $PROGRAM $COMMAND [--path=subfolder,-p subfolder] gpg-id..." exit 1 fi + [[ -n $id_path ]] && check_sneaky_paths "$id_path" if [[ -n $id_path && ! -d $PREFIX/$id_path ]]; then if [[ -e $PREFIX/$id_path ]]; then echo "Error: $PREFIX/$id_path exists but is not a directory." @@ -309,6 +318,7 @@ cmd_show() { local path="$1" local passfile="$PREFIX/$path.gpg" + check_sneaky_paths "$path" if [[ -f $passfile ]]; then if [[ $clip -eq 0 ]]; then exec $GPG -d $GPG_OPTS "$passfile" @@ -396,6 +406,7 @@ cmd_insert() { fi local path="$1" local passfile="$PREFIX/$path.gpg" + check_sneaky_paths "$path" [[ $force -eq 0 && -e $passfile ]] && yesno "An entry already exists for $path. Overwrite it?" @@ -436,6 +447,7 @@ cmd_edit() { fi local path="$1" + check_sneaky_paths "$path" mkdir -p -v "$PREFIX/$(dirname "$path")" set_gpg_recipients "$(dirname "$path")" local passfile="$PREFIX/$path.gpg" @@ -481,6 +493,7 @@ cmd_generate() { fi local path="$1" local length="$2" + check_sneaky_paths "$path" if [[ ! $length =~ ^[0-9]+$ ]]; then echo "pass-length \"$length\" must be a number." exit 1 @@ -522,6 +535,7 @@ cmd_delete() { exit 1 fi local path="$1" + check_sneaky_paths "$path" local passfile="$PREFIX/${path%/}" if [[ ! -d $passfile ]]; then @@ -560,6 +574,7 @@ cmd_copy_move() { echo "Usage: $PROGRAM $COMMAND [--force,-f] old-path new-path" exit 1 fi + check_sneaky_paths "$@" local old_path="$PREFIX/${1%/}" local new_path="$PREFIX/$2" local old_dir="$old_path" |