Stuart Henderson <st...@openbsd.org> writes:

> This avoids breaking with shell special characters. OK for the simple
> fix? Or is there a safer way to feed in the password?

OK. I only took a quick look at it, but -key seems the only way to pass the password, and switching this to execv(e) seems intrusive. > I also noticed that ikeca.cnf doesn't get installed (the distribution: > target in ikectl/Makefile is commented out), is there a reason for > that? > > Index: ikeca.c > =================================================================== > RCS file: /cvs/src/usr.sbin/ikectl/ikeca.c,v > retrieving revision 1.30 > diff -u -p -r1.30 ikeca.c > --- ikeca.c 16 Jan 2015 06:40:17 -0000 1.30 > +++ ikeca.c 23 Jul 2015 15:57:57 -0000 > @@ -774,7 +774,7 @@ ca_revoke(struct ca *ca, char *keyname) > if (keyname) { > snprintf(cmd, sizeof(cmd), "env CADB='%s/index.txt' " > " %s ca %s-config %s -keyfile %s/private/ca.key" > - " -key %s" > + " -key '%s'" > " -cert %s/ca.crt" > " -md sha1" > " -revoke %s/%s.crt", > @@ -785,7 +785,7 @@ ca_revoke(struct ca *ca, char *keyname) > > snprintf(cmd, sizeof(cmd), "env CADB='%s/index.txt' " > " %s ca %s-config %s -keyfile %s/private/ca.key" > - " -key %s" > + " -key '%s'" > " -gencrl" > " -cert %s/ca.crt" > " -md sha1" > -- jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE
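
Review bot: in the first hunk (the -revoke command), " -key '%s'" still breaks when the password itself contains a single quote, because that character ends the quoted word and the rest of the password is then parsed by the shell. Either reject passwords containing a single quote or escape each one (close the quote, emit an escaped quote, reopen) before formatting the command. The " -revoke %s/%s.crt" argument in the same format string is also left unquoted, unlike "CADB='%s/index.txt'", and deserves the same treatment.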
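
Review bot: in the second hunk (the -gencrl command), the return value of snprintf(cmd, sizeof(cmd), ...) is not checked in the lines shown, and the two added quote characters make the string slightly longer. If the result is truncated, the closing quote or the trailing -cert / -md arguments can be cut off and a different command is run. Suggest comparing the return value against sizeof(cmd) and failing before the command is executed. The "-keyfile %s/private/ca.key" and "-cert %s/ca.crt" paths are also still unquoted here.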