From 7f6f2562b2947d28079f51faaabc5aa9428e5f2e Mon Sep 17 00:00:00 2001
From: Richard T Bonhomme <tincantech@protonmail.com>
Date: Sat, 11 Mar 2023 02:53:05 +0000
Subject: [PATCH] escape_hazard(): Test sourcing vars:org fields via subshell
 first

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
---
 easyrsa3/easyrsa | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa
index 7a11c28..9b4df69 100755
--- a/easyrsa3/easyrsa
+++ b/easyrsa3/easyrsa
@@ -776,8 +776,9 @@ escape_hazard - Failed to write temp-file"
 
 	# Reload fields from fully escaped temp-file
 	# shellcheck disable=SC1090 # can't follow non-constant source.
-	. "$easyrsa_vars_org" || die "\
+	(. "$easyrsa_vars_org") || die "\
 escape_hazard - Failed to source temp-file"
+	. "$easyrsa_vars_org"
 } # => escape_hazard()
 
 # Replace environment variable names with current value
@@ -865,7 +866,7 @@ easyrsa_openssl() {
 	# '$' - Workaround 'easyrsa' based limitation
 	# This is required for all SSL libs, otherwise,
 	# there are unacceptable differences in behavior
-	escape_hazard
+	escape_hazard || die "easyrsa_openssl - escape_hazard failed"
 
 	# Make LibreSSL safe config file from OpenSSL config file
 	# $require_safe_ssl_conf is ALWAYS set by verify_ssl_lib()