From 45ad89b6cddbcb3c112f1c2cdfd4361bc7fdced3 Mon Sep 17 00:00:00 2001
From: Jonas Smedegaard <dr@jones.dk>
Date: Sat, 9 Feb 2013 19:54:08 +0100
Subject: Dual-quote arguments passed to su_monkeysphere_user() when possible.

It is a healthy coding practice to keep each argument separate when
executing system calls, i.e. quote each variable separately instead of
relying on whitespace to indicate argument separation.

Quoting shell-inside-shell is tricky to do right, and gets trickier when
the wrapper demands unusually complex quoting.

su_monkeysphere_user() expands arguments using "$*" which (unlike "$@")
collapses all arguments into a single string, and therefore require
"risky" arguments (e.g. ones containing variables that may contain space
or other unusual characters) to be dual-quoted for them to not wreak
havoc at the inside shell.

This patch improves arguments passed to su_monkeysphere_user() by first
single-quoting and then double-quoting arguments containing variables.

NB! Dynamic arguments are only double-quoted ( "$@" ) which looks safe
but effectively is a noop (quoting is lost at wrapper!).
---
 src/share/ma/add_certifier | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

(limited to 'src/share/ma/add_certifier')

diff --git a/src/share/ma/add_certifier b/src/share/ma/add_certifier
index d456763..3acfd34 100644
--- a/src/share/ma/add_certifier
+++ b/src/share/ma/add_certifier
@@ -101,7 +101,7 @@ if [ -f "$keyID" -o "$keyID" = '-' ] ; then
     # check the key is ok as monkeysphere user before loading
     log debug "checking keys in file..."
     fingerprint=$(su_monkeysphere_user \
-	. "${SYSSHAREDIR}/list_primary_fingerprints" < "$keyID")
+	. "'${SYSSHAREDIR}/list_primary_fingerprints'" < "$keyID")
 
     if [ $(printf "%s" "$fingerprint" | egrep -c '^[A-F0-9]{40}$') -ne 1 ] ; then
 	failure "There was not exactly one gpg key in the file."
@@ -114,12 +114,12 @@ if [ -f "$keyID" -o "$keyID" = '-' ] ; then
 # else, get the key from the keyserver
 else
     log verbose "searching keyserver $KEYSERVER for keyID $keyID..."
-    gpg_sphere --keyserver "$KEYSERVER" --recv-key "0x${keyID}!" \
+    gpg_sphere --keyserver "'$KEYSERVER'" --recv-key "'0x${keyID}!'" \
 	|| failure "Could not receive a key with this ID from the '$KEYSERVER' keyserver."
 
     # get the full fingerprint of new certifier key
     log debug "getting fingerprint of certifier key..."
-    fingerprint=$(gpg_sphere --list-key --with-colons --with-fingerprint "0x${keyID}!" \
+    fingerprint=$(gpg_sphere --list-key --with-colons --with-fingerprint "'0x${keyID}!'" \
 	| grep '^fpr:' | cut -d: -f10)
 
     # test that there is only a single fingerprint
@@ -133,7 +133,7 @@ EOF
     fi
 
     log info "key found:"
-    gpg_sphere --fingerprint "0x${fingerprint}!"
+    gpg_sphere --fingerprint "'0x${fingerprint}!'"
 
     if [ "$PROMPT" != "false" ] ; then
 	printf "Are you sure you want to add the above key as a certifier\nof users on this system? (Y/n) " >&2
@@ -149,7 +149,7 @@ fi
 # export the key to the core keyring so that the core can sign the
 # new certifier key
 log debug "loading key into core keyring..."
-gpg_sphere --export "0x${fingerprint}!" | gpg_core --import
+gpg_sphere --export "'0x${fingerprint}!'" | gpg_core --import
 
 # edit-key script to ltsign key
 # NOTE: *all* user IDs will be ltsigned
-- 
cgit v1.2.3