Check for EASYRSA_PASSIN and EASYRSA_PASSOUT vars in config file

and refuse to continue if they are present there, as they might containg passwords.
2020-03-26 23:51:02 +01:00 · 2020-03-26 23:51:02 +01:00 · f390dbebc1
commit f390dbebc1
parent f4b4308f16
1 changed files with 6 additions and 0 deletions
--- a/easyrsa3/easyrsa
+++ b/easyrsa3/easyrsa
@ -1645,6 +1645,12 @@ vars_setup() {
 	# If a vars file was located, source it
 	# If $EASYRSA_NO_VARS is defined (not blank) this is skipped
 	if [ -z "$EASYRSA_NO_VARS" ] && [ -n "$vars" ]; then
+		if grep -Eq 'EASYRSA_PASSIN|EASYRSA_PASSOUT' "$vars"; then
+			die "\
+Variable EASYRSA_PASSIN or EASYRSA_PASSOUT has been found in the configuration \
+file. Storing sensitive information in the configuration file is not \
+recommended - please remove it from there before continuing."
+		fi
 		#shellcheck disable=SC2034
 		EASYRSA_CALLER=1 
 		# shellcheck disable=SC1090