sign-req: Unique serial, check input serial is hexadecimal only

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-07-16 00:27:56 +01:00 · 2023-07-16 00:27:56 +01:00 · 8ca55cfff0
commit 8ca55cfff0
parent a78babf835
1 changed files with 7 additions and 0 deletions
--- a/easyrsa3/easyrsa
+++ b/easyrsa3/easyrsa
@ -2449,6 +2449,13 @@ Certificate created at:
 # Check serial in db
 check_serial_unique() {
 	[ "$1" ] || user_error "Serial number required!"
+	case "$1" in
+	(*[!1234567890abcdef]*)
+		user_error "Invalid serial number: '$1'"
+	;;
+	*)
+		: # ok
+	esac

 	[ "$2" = batch ] && internal_batch=1