From 5a24fa7815b03368ce19d31d7ae6d2a942628c8c Mon Sep 17 00:00:00 2001
From: Richard T Bonhomme <tincantech@protonmail.com>
Date: Thu, 14 Sep 2023 23:16:40 +0100
Subject: [PATCH] vars_setup(): When sourcing 'vars' restrict PATH to './'

If '--vars=vars' is used, without specifying a path to 'vars', then
sourcing 'vars' fails to find './vars'. POSIX '.' searches the PATH
when the file-name does not contain a slash '/'. [man dot(1p)]

Since EasyRSA expects the 'vars' file to be within the current working
directory, setting 'PATH=./' forces '.' to search ONLY './'.

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
---
 easyrsa3/easyrsa | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa
index 2ba53d7..35416ec 100755
--- a/easyrsa3/easyrsa
+++ b/easyrsa3/easyrsa
@@ -5788,16 +5788,21 @@ Remove 'unset' ('force_set_var' may also work)."
 		# Enable sourcing 'vars'
 		# shellcheck disable=SC2034 # appears unused
 		EASYRSA_CALLER=1
+		easyrsa_path="$PATH"
+		PATH=./
 
 		# Test sourcing 'vars' in a subshell
 		# shellcheck disable=1090 # can't follow .. vars
 		( . "$vars" ) || \
-			die "Failed to source the vars file."
+			die "Failed to dry-run the vars file."
 
 		# Source 'vars' now
 		# shellcheck disable=1090 # can't follow .. vars
-		. "$vars"
-		unset -v EASYRSA_CALLER
+		. "$vars" || \
+			die "Failed to source the vars file."
+
+		PATH="$easyrsa_path"
+		unset -v EASYRSA_CALLER easyrsa_path
 		verbose "vars_setup: sourced 'vars' OK"
 	fi