diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa index de0d23f52..2e3895336 100755 --- a/easyrsa3/easyrsa +++ b/easyrsa3/easyrsa @@ -1312,6 +1312,14 @@ You are about to remove the EASYRSA_PKI at: and initialize a fresh PKI here." + # EasyRSA will NOT do 'rm -rf /' + case "$EASYRSA_PKI" in + .|..|./|../|/|\\|?:|'') + if [ -w "$EASYRSA_PKI" ]; then + die "Invalid configuration." + fi + esac + # now remove it: case "$reset" in hard) @@ -5584,7 +5592,7 @@ EasyRSA '$cmd' does not support --startdate or --enddate" if [ "$easyrsa_host_os" = win ]; then if echo "$PWD" | grep -q '/Prog.*/OpenVPN/easy-rsa' then - warn "\ + verbose "\ Using Windows-System-Folders for your PKI is NOT SECURE! Your Easy-RSA PKI CA Private Key is WORLD readable. @@ -5596,12 +5604,6 @@ To correct this problem, it is recommended that you either: fi fi - # Use of --silent and --verbose - if [ "$EASYRSA_SILENT" ] && [ "$EASYRSA_VERBOSE" ]; then - user_error "\ -Use of --silent and --verbose is unresolvable." - fi - verbose "mutual_exclusions: COMPLETED" } # => mutual_exclusions() @@ -5869,9 +5871,6 @@ ${unexpected_error}" # Verify working environment verify_working_env() { - # Do not allow demented paths, eg: '/' or '\' - sanitize_path - # Verify SSL Lib - One time ONLY verify_ssl_lib @@ -5928,38 +5927,6 @@ Temporary directory does not exist: verbose "verify_working_env: COMPLETED" } # => verify_working_env() -# Sanitize demented directory names -sanitize_path() { - # Sanitize PWD - verbose "Working dir: $PWD" - case "$PWD" in - */|*\\|?:) - user_error "\ -EasyRSA cannot be run in the root directory: $PWD" - esac - - # Sanitize EASYRSA - verbose "EASYRSA: $EASYRSA" - case "$EASYRSA" in - */|*\\|?:) - user_error "Invalid EASYRSA: $EASYRSA" - esac - - # Sanitize EASYRSA_PKI - verbose "EASYRSA_PKI: $EASYRSA_PKI" - case "$EASYRSA_PKI" in - */|*\\|?:) - user_error "Invalid EASYRSA_PKI: $EASYRSA_PKI" - esac - - # Sanitize EASYRSA_TEMP_DIR - verbose "EASYRSA_TEMP_DIR: $EASYRSA_TEMP_DIR" - case "$EASYRSA_TEMP_DIR" in - */|*\\|?:) - user_error "Invalid EASYRSA_TEMP_DIR: $EASYRSA_TEMP_DIR" - esac -} # => sanitize_path() - # variable assignment by indirection. # Sets '$1' as the value contained in '$2' # and exports (may be blank)