Only allow [-a-z_] in etckeeper commands to avoid any possible directory traversal etc issues.

author: Joey Hess <joey@kitenet.net> 2014-07-15 12:27:13 -0400
committer: Joey Hess <joey@kitenet.net> 2014-07-15 12:27:13 -0400
commit: 5d4fc876ad92b3f2844debade49484b862799dcc (patch)
tree: 8334f426ee3b7946204e790c96f771c51b644c0d /etckeeper
parent: 52582f72a50502bc467abf679618b7c101592e74 (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/etckeeper b/etckeeper
index 1498b96..554ada9 100755
--- a/etckeeper
+++ b/etckeeper
@@ -75,6 +75,11 @@ elif [ "$command" = "pre-apt" ]; then
 	command=pre-install
 fi
 
+if echo "$command" | egrep -q '[^-a-z_]'; then
+	echo "etckeeper: invalid command $command" >&2
+	exit 1
+fi
+
 if [ ! -d "$ETCKEEPER_CONF_DIR/$command.d" ]; then
 	echo "etckeeper: $ETCKEEPER_CONF_DIR/$command.d does not exist" >&2
 	exit 1
author	Joey Hess <joey@kitenet.net>	2014-07-15 12:27:13 -0400
committer	Joey Hess <joey@kitenet.net>	2014-07-15 12:27:13 -0400
commit	5d4fc876ad92b3f2844debade49484b862799dcc (patch)
tree	8334f426ee3b7946204e790c96f771c51b644c0d /etckeeper
parent	52582f72a50502bc467abf679618b7c101592e74 (diff)