diff options
author | Stacey Sheldon <stac@solidgoldbomb.org> | 2017-07-23 15:37:33 -0400 |
---|---|---|
committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2017-10-13 20:21:40 +0200 |
commit | 7252e8b3cf829e908179913daad16ff2b8bdefdd (patch) | |
tree | bfc323e70496d7728971e728e8e306340f5196e4 /tests/gnupg | |
parent | c1b3ff04425844ed88fac2a634232bdb8e2662bc (diff) | |
download | pass-7252e8b3cf829e908179913daad16ff2b8bdefdd.tar.gz pass-7252e8b3cf829e908179913daad16ff2b8bdefdd.tar.bz2 pass-7252e8b3cf829e908179913daad16ff2b8bdefdd.zip |
protect dirname calls from pass-names that look like command-line options
With the $path variable being passed directly to dirname, any pass-names
provided by the user that happened to look like options to dirname would
be processed as options rather than as the path to be split.
This results in a real mess when you happen to run one of:
pass edit --help
pass generate --help
pass insert --help
then in the cmd_foo() function, you have:
mkdir -p -v "$PREFIX/$(dirname --help)"
which (due to the -p option to mkdir) results in the creation of an
entire directory hierarchy made up of the slash-separated help text from
dirname.
Diffstat (limited to 'tests/gnupg')
0 files changed, 0 insertions, 0 deletions