authorJason A. Donenfeld <Jason@zx2c4.com>2018-06-25 19:47:49 +0200
committerJason A. Donenfeld <Jason@zx2c4.com>2018-06-25 19:48:16 +0200
commit367efa5846492e1b0898aad8a2c26ce94163ba24 (patch)
treeae8344185092e4e89280101d0e734cc9c43384fe /src
parent629eaadc213e2a1b9c95a6a50f63b35245e25865 (diff)
Do not put passwords in herestrings
Bash sometimes writes these into temporary files, which isn't okay.
Diffstat (limited to 'src')
-rwxr-xr-xsrc/password-store.sh6
1 files changed, 3 insertions, 3 deletions
diff --git a/src/password-store.sh b/src/password-store.sh
index 8b6134e..715dc93 100755
--- a/src/password-store.sh
+++ b/src/password-store.sh
@@ -447,7 +447,7 @@ cmd_insert() {
read -r -p "Retype password for $path: " -s password_again || exit 1
echo
if [[ $password == "$password_again" ]]; then
- $GPG -e "${GPG_RECIPIENT_ARGS[@]}" -o "$passfile" "${GPG_OPTS[@]}" <<<"$password" || die "Password encryption aborted."
+ echo "$password" | $GPG -e "${GPG_RECIPIENT_ARGS[@]}" -o "$passfile" "${GPG_OPTS[@]}" || die "Password encryption aborted."
break
else
die "Error: the entered passwords do not match."
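Review bot: `echo "$password"` in this branch of cmd_insert treats a password that is itself an echo option string (for example `-n` or `-e`) as a flag, so gpg receives empty input and the stored entry no longer matches what the user typed. The herestring it replaces passed the value through literally. Use `printf '%s\n' "$password" | $GPG -e "${GPG_RECIPIENT_ARGS[@]}" -o "$passfile" "${GPG_OPTS[@]}"`, which is still a bash builtin and so keeps the secret out of any process argument list. The same applies to the second `echo "$password"` in cmd_insert's non-confirming branch and to `echo "$pass"` in cmd_generate. cmd_insert begins outside this hunk.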
@@ -456,7 +456,7 @@ cmd_insert() {
else
local password
read -r -p "Enter password for $path: " -e password
- $GPG -e "${GPG_RECIPIENT_ARGS[@]}" -o "$passfile" "${GPG_OPTS[@]}" <<<"$password" || die "Password encryption aborted."
+ echo "$password" | $GPG -e "${GPG_RECIPIENT_ARGS[@]}" -o "$passfile" "${GPG_OPTS[@]}" || die "Password encryption aborted."
fi
git_add_file "$passfile" "Add given password for $path to store."
}
@@ -519,7 +519,7 @@ cmd_generate() {
read -r -n $length pass < <(LC_ALL=C tr -dc "$characters" < /dev/urandom)
[[ ${#pass} -eq $length ]] || die "Could not generate password from /dev/urandom."
if [[ $inplace -eq 0 ]]; then
- $GPG -e "${GPG_RECIPIENT_ARGS[@]}" -o "$passfile" "${GPG_OPTS[@]}" <<<"$pass" || die "Password encryption aborted."
+ echo "$pass" | $GPG -e "${GPG_RECIPIENT_ARGS[@]}" -o "$passfile" "${GPG_OPTS[@]}" || die "Password encryption aborted."
else
local passfile_temp="${passfile}.tmp.${RANDOM}.${RANDOM}.${RANDOM}.${RANDOM}.--"
if { echo "$pass"; $GPG -d "${GPG_OPTS[@]}" "$passfile" | tail -n +2; } | $GPG -e "${GPG_RECIPIENT_ARGS[@]}" -o "$passfile_temp" "${GPG_OPTS[@]}"; then
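Review bot: Nothing in cmd_generate records why the secret is piped rather than fed through a herestring, so a later cleanup could reintroduce `<<<"$pass"`. The rationale currently lives only in the commit message. A one-line comment above the new `echo "$pass" | $GPG -e` line would preserve it, for example `# Pipe the secret: bash may back a herestring with a temporary file.` The same comment fits the two call sites in cmd_insert. cmd_generate starts before this hunk and continues past it.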