summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBrian Shore <brian@networkredux.com>2013-09-12 14:38:35 -0700
committerJason A. Donenfeld <Jason@zx2c4.com>2013-09-14 19:15:16 +0200
commit79d5267d5911d753ab6ba3cb4c12c919312a85fc (patch)
tree863e112a5c2125b2a83997beecd62a43a42a01b9
parentc832d4647439a0d504a310fba51f20dcb5051c47 (diff)
downloadpass-79d5267d5911d753ab6ba3cb4c12c919312a85fc.tar.gz
pass-79d5267d5911d753ab6ba3cb4c12c919312a85fc.tar.bz2
pass-79d5267d5911d753ab6ba3cb4c12c919312a85fc.zip
Fix directory traversal for reencryption when $PREFIX is a symlink
Diffstat (limited to '')
-rwxr-xr-xsrc/password-store.sh2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/password-store.sh b/src/password-store.sh
index e080627..2d6ba18 100755
--- a/src/password-store.sh
+++ b/src/password-store.sh
@@ -158,7 +158,7 @@ case "$command" in
git_add_file "$ID" "Set GPG id to $gpg_id."
if [[ $reencrypt -eq 1 ]]; then
- find "$PREFIX" -iname '*.gpg' | while read passfile; do
+ find "$PREFIX/" -iname '*.gpg' | while read passfile; do
gpg2 -d $GPG_OPTS "$passfile" | gpg2 -e -r "$gpg_id" -o "$passfile.new" $GPG_OPTS &&
mv -v "$passfile.new" "$passfile"
done
generated by cgit v1.2.3-54-g00ecf (git 2.45.1) at 2024-06-29 04:01:48 +0000
ogsubject'>Use --noreport instead of head -n -2 for tree so that it works on mac.Jason A. Donenfeld1-1/+1 Reported-by: Theo Belaire <tbelaire@uwaterloo.ca> 2012-09-05Be sure to explicitly state that install is a phony target.Jason A. Donenfeld1-0/+2 2012-09-05Bump debian version horribly.1.1Jason A. Donenfeld2-2/+2 2012-09-04No echo mode.Jason A. Donenfeld2-16/+42 Add a --no-echo flag to the insert operation so that the password isn't echoed when entering it. This requires the user to echo the password twice for confirmation. Reported-by: Dominic Lüchinger <d.luechinger@snowgarden.ch> 2012-09-04Properly quote the path too.Jason A. Donenfeld1-1/+1 2012-09-04Allow passwords having spaces to go unbroken to the clipboard.Bernardo Freitas Paulo da Costa1-1/+1 This also prevents showing the second <word> of the password in the prompt. 2012-09-04Separate out the massive git example.Jason A. Donenfeld1-10/+14 2012-09-04Prepare for debianification.1.0Jason A. Donenfeld9-4/+60 2012-09-03Fix readme typo.Jason A. Donenfeld1-1/+1 2012-09-03Show program name properly in error message.Jason A. Donenfeld1-1/+1 2012-09-03Move examples into manpage.Jason A. Donenfeld4-93/+224 2012-09-03Make into a real project.Jason A. Donenfeld8-5/+173 2012-09-03Support pass gitJason A. Donenfeld2-1/+15 2012-08-31Add remove synonyms.Jason A. Donenfeld1-2/+2 2012-08-31Use basename in usage.Jason A. Donenfeld1-2/+1 2012-08-19now using gpg_id as a varMatthew Ramirez1-2/+2 2012-08-07Forty five seconds.Jason A. Donenfeld1-1/+1 2012-08-06Deal with klipper and new lines.Jason A. Donenfeld1-3/+19 2012-08-06Update examples.Jason A. Donenfeld1-7/+7 2012-08-06Update readme.Jason A. Donenfeld1-11/+13 2012-08-06Be slicker and more like git.Jason A. Donenfeld1-114/+173