nik/easyrsa
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update 'unsupported character list'

Browse Source 
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
This commit is contained in:
Richard T Bonhomme 2022-05-27 22:36:54 +01:00
parent 8930b9cfab
commit 656a2a240c
No known key found for this signature in database
GPG Key ID: 2D767DB92FB6C246
1 changed files with 25 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
easyrsa3/easyrsa
View File

@ -652,7 +652,7 @@ make_safe_ssl_copy() {
} # => make_safe_ssl_copy() } # => make_safe_ssl_copy()
# 'sed' behavior with '&' is not modifiable, so auto escape '&' # 'sed' behavior with '&' is not modifiable, so auto escape '&'
escape_borken_char() { escape_char() {
bad_char="$1" bad_char="$1"
in_str="$2" in_str="$2"
shift 2 || die "escape_borken_char - input" shift 2 || die "escape_borken_char - input"
@ -686,7 +686,7 @@ escape_borken_char() {
done done
out_str="${part_head}${part_temp}" out_str="${part_head}${part_temp}"
fi fi
} # => escape_borken_char() } # => escape_char()
# Easy-RSA meta-wrapper for SSL # Easy-RSA meta-wrapper for SSL
easyrsa_openssl() { easyrsa_openssl() {
@ -720,15 +720,15 @@ easyrsa_openssl() {
fi fi
# escape borken chars: '&' # escape borken chars: '&'
escape_borken_char '&' "$EASYRSA_REQ_PROVINCE" escape_char '&' "$EASYRSA_REQ_PROVINCE"
EASYRSA_REQ_PROVINCE_esc="$out_str" EASYRSA_REQ_PROVINCE_esc="$out_str"
escape_borken_char '&' "$EASYRSA_REQ_CITY" escape_char '&' "$EASYRSA_REQ_CITY"
EASYRSA_REQ_CITY_esc="$out_str" EASYRSA_REQ_CITY_esc="$out_str"
escape_borken_char '&' "$EASYRSA_REQ_ORG" escape_char '&' "$EASYRSA_REQ_ORG"
EASYRSA_REQ_ORG_esc="$out_str" EASYRSA_REQ_ORG_esc="$out_str"
escape_borken_char '&' "$EASYRSA_REQ_EMAIL" escape_char '&' "$EASYRSA_REQ_EMAIL"
EASYRSA_REQ_EMAIL_esc="$out_str" EASYRSA_REQ_EMAIL_esc="$out_str"
escape_borken_char '&' "$EASYRSA_REQ_OU" escape_char '&' "$EASYRSA_REQ_OU"
EASYRSA_REQ_OU_esc="$out_str" EASYRSA_REQ_OU_esc="$out_str"
# OpenSSL does not require a safe config, so skip to the copy # OpenSSL does not require a safe config, so skip to the copy
@ -3492,12 +3492,24 @@ recommended - please remove it from there before continuing."
# Sanitize vars further but ONLY if it is in PKI folder # Sanitize vars further but ONLY if it is in PKI folder
if [ "$vars_in_pki" ]; then if [ "$vars_in_pki" ]; then
# Warning: Unsupported characters # Warning: Unsupported characters
if grep '^[[:blank:]]*set_var[[:blank:]]\+.*' "$vars" | \ if
grep -q -e '&' -e "'" -e '`' -e '\$' -e '#' ; then grep \
warn "\ '^[[:blank:]]*set_var[[:blank:]][[:blank:]]*.*' \
"$vars" |
grep \
-e "EASYRSA_REQ_COUNTRY" \
-e "EASYRSA_REQ_PROVINCE" \
-e "EASYRSA_REQ_CITY" \
-e "EASYRSA_REQ_ORG" \
-e "EASYRSA_REQ_EMAIL" \
-e "EASYRSA_REQ_OU" |
grep \
-e '`' -e '{' -e '}'
then
warn '\
Unsupported characters are present in the vars file. Unsupported characters are present in the vars file.
These characters are not supported: (') (&) (\`) (\$) (#) These characters are not supported: (\`) ({) (})
Sourcing the vars file and building certificates will probably fail .." Sourcing the vars file and building certificates will probably fail ..'
fi fi
fi fi
@ -3513,7 +3525,7 @@ Failed to source the vars file, remove any unsupported characters."
# Source 'vars' now # Source 'vars' now
# shellcheck disable=1090 # can't follow non-constant source. vars # shellcheck disable=1090 # can't follow non-constant source. vars
. "$vars" 2>/dev/null . "$vars" 2>/dev/null
message "Using Easy-RSA configuration from: ${vars}" message "Using Easy-RSA configuration from: $vars"
if [ "$user_vars_true" ]; then if [ "$user_vars_true" ]; then
: # ok - No message required : # ok - No message required