From 44f54f0b02b567d621764a50b0920c87c245e4c9 Mon Sep 17 00:00:00 2001
From: "Jason A. Donenfeld"
Date: Wed, 1 Aug 2018 04:12:04 +0200
Subject: show: do not store binary data in bash vars

Instead we're forced to base64 it, like we do with the clipboard.
---
 src/password-store.sh | 14 +++++++-------
 src/platform/cygwin.sh | 8 ++++----
 src/platform/darwin.sh | 9 +++++----
 src/platform/freebsd.sh | 1 +
 src/platform/openbsd.sh | 1 +
 5 files changed, 18 insertions(+), 15 deletions(-)

diff --git a/src/password-store.sh b/src/password-store.sh
index 55a1aea..1d26a1a 100755
--- a/src/password-store.sh
+++ b/src/password-store.sh
@@ -156,12 +156,12 @@ clip() {
 # trailing new lines.
 local sleep_argv0="password store sleep on display $DISPLAY"
 pkill -f "^$sleep_argv0" 2>/dev/null && sleep 0.5
- local before="$(xclip -o -selection "$X_SELECTION" 2>/dev/null | base64)"
+ local before="$(xclip -o -selection "$X_SELECTION" 2>/dev/null | $BASE64)"
 echo -n "$1" | xclip -selection "$X_SELECTION" || die "Error: Could not copy data to the clipboard"
 (
 ( exec -a "$sleep_argv0" bash <<<"trap 'kill %1' TERM; sleep '$CLIP_TIME' & wait" )
- local now="$(xclip -o -selection "$X_SELECTION" | base64)"
- [[ $now != $(echo -n "$1" | base64) ]] && before="$now"
+ local now="$(xclip -o -selection "$X_SELECTION" | $BASE64)"
+ [[ $now != $(echo -n "$1" | $BASE64) ]] && before="$now"
 # It might be nice to programatically check to see if klipper exists,
 # as well as checking for other common clipboard managers. But for now,
@@ -172,7 +172,7 @@ clip() {
 # so we axe it here:
 qdbus org.kde.klipper /klipper org.kde.klipper.klipper.clearClipboardHistory &>/dev/null
- echo "$before" | base64 -d | xclip -selection "$X_SELECTION"
+ echo "$before" | $BASE64 -d | xclip -selection "$X_SELECTION"
 ) >/dev/null 2>&1 & disown
 echo "Copied $2 to clipboard. Will clear in $CLIP_TIME seconds."
 }
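Review bot: The right-hand side of `[[ $now != $(echo -n "$1" | $BASE64) ]]` is an unquoted command substitution, which `[[ ]]` treats as a glob pattern rather than a literal string. The base64 alphabet contains no pattern characters, so the comparison is correct today, but now that the encoder is a configurable command the safer form is `[[ $now != "$(echo -n "$1" | $BASE64)" ]]`. The same line appears in the clip() hunks of src/platform/cygwin.sh and src/platform/darwin.sh. clip() starts before this hunk and closes in the following one.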
@@ -224,6 +224,7 @@ tmpdir() {
 }
 GETOPT="getopt"
 SHRED="shred -f -z"
+BASE64="base64"
 source "$(dirname "$0")/platform/$(uname | cut -d _ -f 1 | tr '[:upper:]' '[:lower:]').sh" 2>/dev/null # PLATFORM_FUNCTION_FILE
@@ -363,8 +364,8 @@ cmd_show() {
 check_sneaky_paths "$path"
 if [[ -f $passfile ]]; then
 if [[ $clip -eq 0 && $qrcode -eq 0 ]]; then
- pass="$($GPG -d "${GPG_OPTS[@]}" "$passfile")" || exit $?
- echo "$pass"
+ pass="$($GPG -d "${GPG_OPTS[@]}" "$passfile" | $BASE64)" || exit $?
+ echo "$pass" | $BASE64 -d
 else
 [[ $selected_line =~ ^[0-9]+$ ]] || die "Clip location '$selected_line' is not a number."
 pass="$($GPG -d "${GPG_OPTS[@]}" "$passfile" | tail -n +${selected_line} | head -n 1)" || exit $?
@@ -474,7 +475,6 @@ cmd_edit() {
 tmpdir #Defines $SECURE_TMPDIR
 local tmp_file="$(mktemp -u "$SECURE_TMPDIR/XXXXXX")-${path//\//-}.txt"
- local action="Add"
 if [[ -f $passfile ]]; then
 $GPG -d -o "$tmp_file" "${GPG_OPTS[@]}" "$passfile" || exit 1
diff --git a/src/platform/cygwin.sh b/src/platform/cygwin.sh
index 737e367..5a8d5ea 100644
--- a/src/platform/cygwin.sh
+++ b/src/platform/cygwin.sh
@@ -4,13 +4,13 @@
 clip() {
 local sleep_argv0="password store sleep on display $DISPLAY"
 pkill -f "^$sleep_argv0" 2>/dev/null && sleep 0.5
- local before="$(base64 < /dev/clipboard)"
+ local before="$($BASE64 < /dev/clipboard)"
 echo -n "$1" > /dev/clipboard
 (
 ( exec -a "$sleep_argv0" sleep "$CLIP_TIME" )
- local now="$(base64 < /dev/clipboard)"
- [[ $now != $(echo -n "$1" | base64) ]] && before="$now"
- echo "$before" | base64 -d > /dev/clipboard
+ local now="$($BASE64 < /dev/clipboard)"
+ [[ $now != $(echo -n "$1" | $BASE64) ]] && before="$now"
+ echo "$before" | $BASE64 -d > /dev/clipboard
 ) >/dev/null 2>&1 & disown
 echo "Copied $2 to clipboard. Will clear in $CLIP_TIME seconds."
 }
diff --git a/src/platform/darwin.sh b/src/platform/darwin.sh
index a4f3515..342ecce 100644
--- a/src/platform/darwin.sh
+++ b/src/platform/darwin.sh
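Review bot: `BASE64` holds a command line, not a program name, and every call site in this commit expands it unquoted so that a platform value such as `openssl base64` splits into two words, yet the assignment carries no comment saying so. I would add above it `# Command line, expanded unquoted on purpose; platform files may override with e.g. "openssl base64".` so a later quoting cleanup does not turn it into a lookup for a program literally named "openssl base64". The platform file on the next line is sourced with `2>/dev/null`, so when it is absent this default is what clip() and cmd_show run.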
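Review bot: In cmd_show, the `|| exit $?` after `pass="$($GPG -d "${GPG_OPTS[@]}" "$passfile" | $BASE64)"` only sees a gpg failure when `pipefail` is in effect, because otherwise the substitution reports the status of `$BASE64`; that setting is not visible in this hunk, though the `tail | head` pipeline in the else branch already relies on it. The two new lines also have no comment explaining the round trip, so I would add `# base64 round-trip: bash variables cannot hold NUL bytes or trailing newlines.` above them. If the buffering is also meant to guarantee that no plaintext is printed when decryption fails, that is worth stating in the same comment. cmd_show starts before and ends after this hunk.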
@@ -4,13 +4,13 @@
 clip() {
 local sleep_argv0="password store sleep for user $(id -u)"
 pkill -f "^$sleep_argv0" 2>/dev/null && sleep 0.5
- local before="$(pbpaste | openssl base64)"
+ local before="$(pbpaste | $BASE64)"
 echo -n "$1" | pbcopy
 (
 ( exec -a "$sleep_argv0" sleep "$CLIP_TIME" )
- local now="$(pbpaste | openssl base64)"
- [[ $now != $(echo -n "$1" | openssl base64) ]] && before="$now"
- echo "$before" | openssl base64 -d | pbcopy
+ local now="$(pbpaste | $BASE64)"
+ [[ $now != $(echo -n "$1" | $BASE64) ]] && before="$now"
+ echo "$before" | $BASE64 -d | pbcopy
 ) >/dev/null 2>&1 & disown
 echo "Copied $2 to clipboard. Will clear in $CLIP_TIME seconds."
 }
@@ -45,3 +45,4 @@ qrcode() {
 GETOPT="$(brew --prefix gnu-getopt 2>/dev/null || { which port &>/dev/null && echo /opt/local; } || echo /usr/local)/bin/getopt"
 SHRED="srm -f -z"
+BASE64="openssl base64"
diff --git a/src/platform/freebsd.sh b/src/platform/freebsd.sh
index d93c774..390bca2 100644
--- a/src/platform/freebsd.sh
+++ b/src/platform/freebsd.sh
@@ -3,3 +3,4 @@
 GETOPT="/usr/local/bin/getopt"
 SHRED="rm -P -f"
+BASE64="openssl base64"
diff --git a/src/platform/openbsd.sh b/src/platform/openbsd.sh
index b66b32f..fc27f6a 100644
--- a/src/platform/openbsd.sh
+++ b/src/platform/openbsd.sh
@@ -38,3 +38,4 @@ tmpdir() {
 GETOPT="gnugetopt"
 SHRED="rm -P -f"
+BASE64="openssl base64"
--
cgit v1.2.3