From 8ca55cfff0dd6645f727c8215cc2d211fa3b2de4 Mon Sep 17 00:00:00 2001
From: Richard T Bonhomme <tincantech@protonmail.com>
Date: Sun, 16 Jul 2023 00:27:56 +0100
Subject: [PATCH] sign-req: Unique serial, check input serial is hexadecimal
 only

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
---
 easyrsa3/easyrsa | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa
index 5062a19..2c896ee 100755
--- a/easyrsa3/easyrsa
+++ b/easyrsa3/easyrsa
@@ -2449,6 +2449,13 @@ Certificate created at:
 # Check serial in db
 check_serial_unique() {
 	[ "$1" ] || user_error "Serial number required!"
+	case "$1" in
+	(*[!1234567890abcdef]*)
+		user_error "Invalid serial number: '$1'"
+	;;
+	*)
+		: # ok
+	esac
 
 	[ "$2" = batch ] && internal_batch=1