Diffstat (limited to '')
-rwxr-xr-xsrc/password-store.sh15
1 files changed, 15 insertions, 0 deletions
diff --git a/src/password-store.sh b/src/password-store.sh
index f80f026..4874175 100755
--- a/src/password-store.sh
+++ b/src/password-store.sh
@@ -114,6 +114,14 @@ reencrypt_path() {
prev_gpg_recipients="${GPG_RECIPIENTS[@]}"
done
}
+check_sneaky_paths() {
+ for path in "$@"; do
+ if [[ $path =~ /\.\.$ || $path =~ ^\.\./ || $path =~ /\.\./ || $path =~ ^\.\.$ ]]; then
+ echo "Error: You've attempted to pass a sneaky path to pass. Go home."
+ exit 1
+ fi
+ done
+}
#
# END helper functions
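Review bot: The loop variable `path` in check_sneaky_paths is not declared `local`, so under bash's dynamic scoping the loop assigns to the caller's `path`, or to a global one where the caller declares none (cmd_copy_move shows no `path` in its visible lines); add `local path` as the first line of the function. The error message is also written to stdout, where it can be mixed into output that a caller captures; `echo "Error: You've attempted to pass a sneaky path to pass. Go home." >&2` keeps it on stderr. A header comment such as `# Reject any argument containing a ".." path component; the check is lexical and does not resolve symlinks.` would state the scope of the guard for later maintainers.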
@@ -256,6 +264,7 @@ cmd_init() {
echo "Usage: $PROGRAM $COMMAND [--path=subfolder,-p subfolder] gpg-id..."
exit 1
fi
+ [[ -n $id_path ]] && check_sneaky_paths "$id_path"
if [[ -n $id_path && ! -d $PREFIX/$id_path ]]; then
if [[ -e $PREFIX/$id_path ]]; then
echo "Error: $PREFIX/$id_path exists but is not a directory."
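Review bot: The `[[ -n $id_path ]] &&` guard in cmd_init is redundant, because none of the four patterns in check_sneaky_paths matches an empty string, so a call with an empty argument falls through without effect. Writing the call unconditionally, `check_sneaky_paths "$id_path"`, matches the other call sites in this commit and removes one condition to keep in sync with the `if` below it. cmd_init's body starts and ends outside the hunk.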
@@ -309,6 +318,7 @@ cmd_show() {
local path="$1"
local passfile="$PREFIX/$path.gpg"
+ check_sneaky_paths "$path"
if [[ -f $passfile ]]; then
if [[ $clip -eq 0 ]]; then
exec $GPG -d $GPG_OPTS "$passfile"
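Review bot: In cmd_show the new check sits after `local passfile="$PREFIX/$path.gpg"`, so the path is joined to `$PREFIX` before it is validated; cmd_insert has the same order, while cmd_edit and cmd_delete validate first. Nothing in the visible lines uses `passfile` before the check, so behaviour is unaffected as written, but moving `check_sneaky_paths "$path"` directly under `local path="$1"` in both functions makes the validate-then-derive order uniform and harder to break in a later edit. Both function bodies start and end outside their hunks.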
@@ -396,6 +406,7 @@ cmd_insert() {
fi
local path="$1"
local passfile="$PREFIX/$path.gpg"
+ check_sneaky_paths "$path"
[[ $force -eq 0 && -e $passfile ]] && yesno "An entry already exists for $path. Overwrite it?"
@@ -436,6 +447,7 @@ cmd_edit() {
fi
local path="$1"
+ check_sneaky_paths "$path"
mkdir -p -v "$PREFIX/$(dirname "$path")"
set_gpg_recipients "$(dirname "$path")"
local passfile="$PREFIX/$path.gpg"
@@ -481,6 +493,7 @@ cmd_generate() {
fi
local path="$1"
local length="$2"
+ check_sneaky_paths "$path"
if [[ ! $length =~ ^[0-9]+$ ]]; then
echo "pass-length \"$length\" must be a number."
exit 1
@@ -522,6 +535,7 @@ cmd_delete() {
exit 1
fi
local path="$1"
+ check_sneaky_paths "$path"
local passfile="$PREFIX/${path%/}"
if [[ ! -d $passfile ]]; then
@@ -560,6 +574,7 @@ cmd_copy_move() {
echo "Usage: $PROGRAM $COMMAND [--force,-f] old-path new-path"
exit 1
fi
+ check_sneaky_paths "$@"
local old_path="$PREFIX/${1%/}"
local new_path="$PREFIX/$2"
local old_dir="$old_path"
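Review bot: `check_sneaky_paths "$@"` in cmd_copy_move validates whatever positional arguments remain, while the lines below it use only `$1` and `$2`; that is correct only if the argument-count check above the hunk guarantees exactly two, which is not visible here. Naming the values explicitly, `check_sneaky_paths "$1" "$2"`, ties the check to exactly the strings that are joined to `$PREFIX`. cmd_copy_move's body starts and ends outside the hunk.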