authorGuilhem Moulin <guilhem@fripost.org>2015-03-25 20:14:12 +0100
committerGuilhem Moulin <guilhem@fripost.org>2015-03-25 20:14:50 +0100
commit2c9f42f83376e8450e40ac61717babb414c78a95 (patch)
tree673e2358451d0f6147b56a29be095be036f68fac
parent28f215f4950791b3b285dc176fefefbd105fdb73 (diff)
Untaint identity filenames.
-rwxr-xr-xcli/icevault3
1 files changed, 2 insertions, 1 deletions
diff --git a/cli/icevault b/cli/icevault
index 93a4768..eb8c343 100755
--- a/cli/icevault
+++ b/cli/icevault
@@ -339,7 +339,8 @@ sub getIdentityFile($) {
$1 eq 'h' ? $h :
$1 eq 'i' ? $i :
die "Invalid placeholder %$1" }ge;
- return $filename;
+ $filename =~ /\A(\p{Print}+)\z/ or error "Insecure C<%s>", $filename; # untaint $filename
+ return $1;
}
# Decrypt the given identity file and return the YAML-parsed form.
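Review bot: The added match `$filename =~ /\A(\p{Print}+)\z/` clears the taint flag without constraining the path, because `\p{Print}` accepts `/`, `.` and spaces, so a name containing `../` segments comes back untainted. If `$h` or `$i` can originate outside the process (not visible in this hunk), reject traversal before the capture, e.g. `error "Insecure C<%s>", $filename if $filename =~ m{(?:\A|/)\.\.(?:/|\z)};`, or validate each placeholder value before substitution. `return $1` also depends on `error` never returning; if it can return, `$1` would presumably still hold the capture from the placeholder substitution above, so capturing into a lexical with `my ($clean) = $filename =~ /\A(\p{Print}+)\z/ or error "Insecure C<%s>", $filename;` and returning `$clean` is safer. The body of getIdentityFile starts outside the hunk.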