protect dirname calls from pass-names that look like command-line options - others/pass - The standard unix password manager + extensions

diff options

author	Stacey Sheldon <stac@solidgoldbomb.org>	2017-07-23 15:37:33 -0400
committer	Jason A. Donenfeld <Jason@zx2c4.com>	2017-10-13 20:21:40 +0200
commit	7252e8b3cf829e908179913daad16ff2b8bdefdd (patch)
tree	bfc323e70496d7728971e728e8e306340f5196e4 /INSTALL
parent	c1b3ff04425844ed88fac2a634232bdb8e2662bc (diff)
download	pass-7252e8b3cf829e908179913daad16ff2b8bdefdd.tar.gz pass-7252e8b3cf829e908179913daad16ff2b8bdefdd.tar.bz2 pass-7252e8b3cf829e908179913daad16ff2b8bdefdd.zip

protect dirname calls from pass-names that look like command-line options

With the $path variable being passed directly to dirname, any pass-names provided by the user that happened to look like options to dirname would be processed as options rather than as the path to be split. This results in a real mess when you happen to run one of: pass edit --help pass generate --help pass insert --help then in the cmd_foo() function, you have: mkdir -p -v "$PREFIX/$(dirname --help)" which (due to the -p option to mkdir) results in the creation of an entire directory hierarchy made up of the slash-separated help text from dirname.

Diffstat (limited to 'INSTALL')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: