Commit 1edc1a7e authored by Jason A. Donenfeld's avatar Jason A. Donenfeld

Check sneaky paths.

parent 8066a2b2
...@@ -114,6 +114,14 @@ reencrypt_path() { ...@@ -114,6 +114,14 @@ reencrypt_path() {
prev_gpg_recipients="${GPG_RECIPIENTS[@]}" prev_gpg_recipients="${GPG_RECIPIENTS[@]}"
done done
} }
check_sneaky_paths() {
for path in "$@"; do
if [[ $path =~ /\.\.$ || $path =~ ^\.\./ || $path =~ /\.\./ || $path =~ ^\.\.$ ]]; then
echo "Error: You've attempted to pass a sneaky path to pass. Go home."
exit 1
fi
done
}
# #
# END helper functions # END helper functions
...@@ -256,6 +264,7 @@ cmd_init() { ...@@ -256,6 +264,7 @@ cmd_init() {
echo "Usage: $PROGRAM $COMMAND [--path=subfolder,-p subfolder] gpg-id..." echo "Usage: $PROGRAM $COMMAND [--path=subfolder,-p subfolder] gpg-id..."
exit 1 exit 1
fi fi
[[ -n $id_path ]] && check_sneaky_paths "$id_path"
if [[ -n $id_path && ! -d $PREFIX/$id_path ]]; then if [[ -n $id_path && ! -d $PREFIX/$id_path ]]; then
if [[ -e $PREFIX/$id_path ]]; then if [[ -e $PREFIX/$id_path ]]; then
echo "Error: $PREFIX/$id_path exists but is not a directory." echo "Error: $PREFIX/$id_path exists but is not a directory."
...@@ -309,6 +318,7 @@ cmd_show() { ...@@ -309,6 +318,7 @@ cmd_show() {
local path="$1" local path="$1"
local passfile="$PREFIX/$path.gpg" local passfile="$PREFIX/$path.gpg"
check_sneaky_paths "$path"
if [[ -f $passfile ]]; then if [[ -f $passfile ]]; then
if [[ $clip -eq 0 ]]; then if [[ $clip -eq 0 ]]; then
exec $GPG -d $GPG_OPTS "$passfile" exec $GPG -d $GPG_OPTS "$passfile"
...@@ -396,6 +406,7 @@ cmd_insert() { ...@@ -396,6 +406,7 @@ cmd_insert() {
fi fi
local path="$1" local path="$1"
local passfile="$PREFIX/$path.gpg" local passfile="$PREFIX/$path.gpg"
check_sneaky_paths "$path"
[[ $force -eq 0 && -e $passfile ]] && yesno "An entry already exists for $path. Overwrite it?" [[ $force -eq 0 && -e $passfile ]] && yesno "An entry already exists for $path. Overwrite it?"
...@@ -436,6 +447,7 @@ cmd_edit() { ...@@ -436,6 +447,7 @@ cmd_edit() {
fi fi
local path="$1" local path="$1"
check_sneaky_paths "$path"
mkdir -p -v "$PREFIX/$(dirname "$path")" mkdir -p -v "$PREFIX/$(dirname "$path")"
set_gpg_recipients "$(dirname "$path")" set_gpg_recipients "$(dirname "$path")"
local passfile="$PREFIX/$path.gpg" local passfile="$PREFIX/$path.gpg"
...@@ -481,6 +493,7 @@ cmd_generate() { ...@@ -481,6 +493,7 @@ cmd_generate() {
fi fi
local path="$1" local path="$1"
local length="$2" local length="$2"
check_sneaky_paths "$path"
if [[ ! $length =~ ^[0-9]+$ ]]; then if [[ ! $length =~ ^[0-9]+$ ]]; then
echo "pass-length \"$length\" must be a number." echo "pass-length \"$length\" must be a number."
exit 1 exit 1
...@@ -522,6 +535,7 @@ cmd_delete() { ...@@ -522,6 +535,7 @@ cmd_delete() {
exit 1 exit 1
fi fi
local path="$1" local path="$1"
check_sneaky_paths "$path"
local passfile="$PREFIX/${path%/}" local passfile="$PREFIX/${path%/}"
if [[ ! -d $passfile ]]; then if [[ ! -d $passfile ]]; then
...@@ -560,6 +574,7 @@ cmd_copy_move() { ...@@ -560,6 +574,7 @@ cmd_copy_move() {
echo "Usage: $PROGRAM $COMMAND [--force,-f] old-path new-path" echo "Usage: $PROGRAM $COMMAND [--force,-f] old-path new-path"
exit 1 exit 1
fi fi
check_sneaky_paths "$@"
local old_path="$PREFIX/${1%/}" local old_path="$PREFIX/${1%/}"
local new_path="$PREFIX/$2" local new_path="$PREFIX/$2"
local old_dir="$old_path" local old_dir="$old_path"
......
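Review bot: In `check_sneaky_paths` the loop variable `path` is never declared local, so where the caller shows no `local path` of its own (the `cmd_init` call with `$id_path` and the `cmd_copy_move` call with `"$@"`) the loop leaves a global `path` set to the last argument; add `local path` as the first line of the function. The error text is written to stdout, which in `cmd_show` is the same stream that carries the decrypted output, so `echo "Error: You've attempted to pass a sneaky path to pass. Go home." >&2` would keep it out of anything capturing the result. The check is also purely lexical: it rejects `..` components but does not resolve symlinks, so an entry under `$PREFIX` that is itself a symlink would presumably still be followed; a comment on the function stating that limit would help. The `cmd_*` function bodies continue outside the hunks shown, so whether every path-taking command calls the check cannot be confirmed from this page.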