
Implemented proper escaping for filenames

pull/4731/head
Jari Turkia 1 year ago
parent
commit
e77b4a45ae
  1. 65
      acme.sh

65
acme.sh

@ -1039,12 +1039,15 @@ _sign() {
return 1 return 1
fi fi
_sign_openssl="${ACME_OPENSSL_BIN:-openssl} dgst -sign $keyfile "
_sign_openssl=("${ACME_OPENSSL_BIN:-openssl}" dgst -sign "$keyfile")
if _isRSA "$keyfile" >/dev/null 2>&1; then if _isRSA "$keyfile" >/dev/null 2>&1; then
$_sign_openssl -$alg | _base64
cmd=("${_sign_openssl[@]}" -$alg)
"${cmd[@]}" | _base64
elif _isEcc "$keyfile" >/dev/null 2>&1; then elif _isEcc "$keyfile" >/dev/null 2>&1; then
if ! _signedECText="$($_sign_openssl -sha$__ECC_KEY_LEN | ${ACME_OPENSSL_BIN:-openssl} asn1parse -inform DER)"; then
cmd1=("${_sign_openssl[@]}" -sha$__ECC_KEY_LEN)
cmd2=("${ACME_OPENSSL_BIN:-openssl}" asn1parse -inform DER)
if ! _signedECText="$("${cmd1[@]}" | "${cmd2[@]}")"; then
_err "Sign failed: $_sign_openssl" _err "Sign failed: $_sign_openssl"
_err "Key file: $keyfile" _err "Key file: $keyfile"
_err "Key content:$(wc -l <"$keyfile") lines" _err "Key content:$(wc -l <"$keyfile") lines"
@ -1827,23 +1830,23 @@ _inithttp() {
fi fi
if [ -z "$_ACME_CURL" ] && _exists "curl"; then if [ -z "$_ACME_CURL" ] && _exists "curl"; then
_ACME_CURL="curl --silent --dump-header $HTTP_HEADER "
_ACME_CURL=(curl --silent --dump-header "${HTTP_HEADER}")
if [ -z "$ACME_HTTP_NO_REDIRECTS" ]; then if [ -z "$ACME_HTTP_NO_REDIRECTS" ]; then
_ACME_CURL="$_ACME_CURL -L "
_ACME_CURL+=(-L)
fi fi
if [ "$DEBUG" ] && [ "$DEBUG" -ge 2 ]; then if [ "$DEBUG" ] && [ "$DEBUG" -ge 2 ]; then
_CURL_DUMP="$(_mktemp)" _CURL_DUMP="$(_mktemp)"
_ACME_CURL="$_ACME_CURL --trace-ascii $_CURL_DUMP "
_ACME_CURL+=(--trace-ascii $_CURL_DUMP)
fi fi
if [ "$CA_PATH" ]; then if [ "$CA_PATH" ]; then
_ACME_CURL="$_ACME_CURL --capath $CA_PATH "
_ACME_CURL+=(--capath "$CA_PATH")
elif [ "$CA_BUNDLE" ]; then elif [ "$CA_BUNDLE" ]; then
_ACME_CURL="$_ACME_CURL --cacert $CA_BUNDLE "
_ACME_CURL+=(--cacert "$CA_BUNDLE")
fi fi
if _contains "$(curl --help 2>&1)" "--globoff" || _contains "$(curl --help curl 2>&1)" "--globoff"; then if _contains "$(curl --help 2>&1)" "--globoff" || _contains "$(curl --help curl 2>&1)" "--globoff"; then
_ACME_CURL="$_ACME_CURL -g "
_ACME_CURL+=(-g)
fi fi
#don't use --fail-with-body #don't use --fail-with-body
@ -1898,42 +1901,44 @@ _post() {
_inithttp _inithttp
if [ "$_ACME_CURL" ] && [ "${ACME_USE_WGET:-0}" = "0" ]; then if [ "$_ACME_CURL" ] && [ "${ACME_USE_WGET:-0}" = "0" ]; then
_CURL="$_ACME_CURL"
_CURL=("${_ACME_CURL[@]}")
if [ "$HTTPS_INSECURE" ]; then if [ "$HTTPS_INSECURE" ]; then
_CURL="$_CURL --insecure "
_CURL+=(--insecure)
fi fi
if [ "$httpmethod" = "HEAD" ]; then if [ "$httpmethod" = "HEAD" ]; then
_CURL="$_CURL -I "
_CURL+=(-I)
fi fi
_debug "_CURL" "$_CURL"
_debug "_CURL" "${_CURL[*]}"
if [ "$needbase64" ]; then if [ "$needbase64" ]; then
if [ "$body" ]; then if [ "$body" ]; then
if [ "$_postContentType" ]; then if [ "$_postContentType" ]; then
response="$($_CURL --user-agent "$USER_AGENT" -X $httpmethod -H "Content-Type: $_postContentType" -H "$_H1" -H "$_H2" -H "$_H3" -H "$_H4" -H "$_H5" --data "$body" "$_post_url" | _base64)"
cmd=("${_CURL[@]}" --user-agent "$USER_AGENT" -X $httpmethod -H "Content-Type: $_postContentType" -H "$_H1" -H "$_H2" -H "$_H3" -H "$_H4" -H "$_H5" --data "$body" "$_post_url")
else else
response="$($_CURL --user-agent "$USER_AGENT" -X $httpmethod -H "$_H1" -H "$_H2" -H "$_H3" -H "$_H4" -H "$_H5" --data "$body" "$_post_url" | _base64)"
cmd=("${_CURL[@]}" --user-agent "$USER_AGENT" -X $httpmethod -H "$_H1" -H "$_H2" -H "$_H3" -H "$_H4" -H "$_H5" --data "$body" "$_post_url")
fi fi
else else
if [ "$_postContentType" ]; then if [ "$_postContentType" ]; then
response="$($_CURL --user-agent "$USER_AGENT" -X $httpmethod -H "Content-Type: $_postContentType" -H "$_H1" -H "$_H2" -H "$_H3" -H "$_H4" -H "$_H5" "$_post_url" | _base64)"
cmd=("${_CURL[@]}" --user-agent "$USER_AGENT" -X $httpmethod -H "Content-Type: $_postContentType" -H "$_H1" -H "$_H2" -H "$_H3" -H "$_H4" -H "$_H5" "$_post_url")
else else
response="$($_CURL --user-agent "$USER_AGENT" -X $httpmethod -H "$_H1" -H "$_H2" -H "$_H3" -H "$_H4" -H "$_H5" "$_post_url" | _base64)"
cmd=("${_CURL[@]}" --user-agent "$USER_AGENT" -X $httpmethod -H "$_H1" -H "$_H2" -H "$_H3" -H "$_H4" -H "$_H5" "$_post_url")
fi fi
fi fi
response="$("${cmd[@]}" | _base64)"
else else
if [ "$body" ]; then if [ "$body" ]; then
if [ "$_postContentType" ]; then if [ "$_postContentType" ]; then
response="$($_CURL --user-agent "$USER_AGENT" -X $httpmethod -H "Content-Type: $_postContentType" -H "$_H1" -H "$_H2" -H "$_H3" -H "$_H4" -H "$_H5" --data "$body" "$_post_url")"
cmd=("${_CURL[@]}" --user-agent "$USER_AGENT" -X $httpmethod -H "Content-Type: $_postContentType" -H "$_H1" -H "$_H2" -H "$_H3" -H "$_H4" -H "$_H5" --data "$body" "$_post_url")
else else
response="$($_CURL --user-agent "$USER_AGENT" -X $httpmethod -H "$_H1" -H "$_H2" -H "$_H3" -H "$_H4" -H "$_H5" --data "$body" "$_post_url")"
cmd=("${_CURL[@]}" --user-agent "$USER_AGENT" -X $httpmethod -H "$_H1" -H "$_H2" -H "$_H3" -H "$_H4" -H "$_H5" --data "$body" "$_post_url")
fi fi
else else
if [ "$_postContentType" ]; then if [ "$_postContentType" ]; then
response="$($_CURL --user-agent "$USER_AGENT" -X $httpmethod -H "Content-Type: $_postContentType" -H "$_H1" -H "$_H2" -H "$_H3" -H "$_H4" -H "$_H5" "$_post_url")"
cmd=("${_CURL[@]}" --user-agent "$USER_AGENT" -X $httpmethod -H "Content-Type: $_postContentType" -H "$_H1" -H "$_H2" -H "$_H3" -H "$_H4" -H "$_H5" "$_post_url")
else else
response="$($_CURL --user-agent "$USER_AGENT" -X $httpmethod -H "$_H1" -H "$_H2" -H "$_H3" -H "$_H4" -H "$_H5" "$_post_url")"
cmd=("${_CURL[@]}" --user-agent "$USER_AGENT" -X $httpmethod -H "$_H1" -H "$_H2" -H "$_H3" -H "$_H4" -H "$_H5" "$_post_url")
fi fi
fi fi
response="$("${cmd[@]}")"
fi fi
_ret="$?" _ret="$?"
if [ "$_ret" != "0" ]; then if [ "$_ret" != "0" ]; then
@ -2023,18 +2028,18 @@ _get() {
_inithttp _inithttp
if [ "$_ACME_CURL" ] && [ "${ACME_USE_WGET:-0}" = "0" ]; then if [ "$_ACME_CURL" ] && [ "${ACME_USE_WGET:-0}" = "0" ]; then
_CURL="$_ACME_CURL"
_CURL=("${_ACME_CURL[@]}")
if [ "$HTTPS_INSECURE" ]; then if [ "$HTTPS_INSECURE" ]; then
_CURL="$_CURL --insecure " _CURL="$_CURL --insecure "
fi fi
if [ "$t" ]; then if [ "$t" ]; then
_CURL="$_CURL --connect-timeout $t" _CURL="$_CURL --connect-timeout $t"
fi fi
_debug "_CURL" "$_CURL"
_debug "_CURL" "${_CURL[*]}"
if [ "$onlyheader" ]; then if [ "$onlyheader" ]; then
$_CURL -I --user-agent "$USER_AGENT" -H "$_H1" -H "$_H2" -H "$_H3" -H "$_H4" -H "$_H5" "$url"
"${_CURL[@]}" -I --user-agent "$USER_AGENT" -H "$_H1" -H "$_H2" -H "$_H3" -H "$_H4" -H "$_H5" "$url"
else else
$_CURL --user-agent "$USER_AGENT" -H "$_H1" -H "$_H2" -H "$_H3" -H "$_H4" -H "$_H5" "$url"
"${_CURL[@]}" --user-agent "$USER_AGENT" -H "$_H1" -H "$_H2" -H "$_H3" -H "$_H4" -H "$_H5" "$url"
fi fi
ret=$? ret=$?
if [ "$ret" != "0" ]; then if [ "$ret" != "0" ]; then
@ -3050,7 +3055,7 @@ _on_before_issue() {
if ! ( if ! (
export Le_Domain="$_chk_main_domain" export Le_Domain="$_chk_main_domain"
export Le_Alt="$_chk_alt_domains" export Le_Alt="$_chk_alt_domains"
cd "$DOMAIN_PATH" && eval "$_chk_pre_hook"
cd "$DOMAIN_PATH" && eval "\"$_chk_pre_hook\""
); then ); then
_err "Error when run pre hook." _err "Error when run pre hook."
return 1 return 1
@ -3140,7 +3145,7 @@ _on_issue_err() {
if [ "$_chk_post_hook" ]; then if [ "$_chk_post_hook" ]; then
_info "Run post hook:'$_chk_post_hook'" _info "Run post hook:'$_chk_post_hook'"
if ! ( if ! (
cd "$DOMAIN_PATH" && eval "$_chk_post_hook"
cd "$DOMAIN_PATH" && eval "\"$_chk_post_hook\""
); then ); then
_err "Error when run post hook." _err "Error when run post hook."
return 1 return 1
@ -3188,7 +3193,7 @@ _on_issue_success() {
export CA_CERT_PATH export CA_CERT_PATH
export CERT_FULLCHAIN_PATH export CERT_FULLCHAIN_PATH
export Le_Domain="$_main_domain" export Le_Domain="$_main_domain"
cd "$DOMAIN_PATH" && eval "$_chk_post_hook"
cd "$DOMAIN_PATH" && eval "\"$_chk_post_hook\""
); then ); then
_err "Error when run post hook." _err "Error when run post hook."
return 1 return 1
@ -3204,7 +3209,7 @@ _on_issue_success() {
export CA_CERT_PATH export CA_CERT_PATH
export CERT_FULLCHAIN_PATH export CERT_FULLCHAIN_PATH
export Le_Domain="$_main_domain" export Le_Domain="$_main_domain"
cd "$DOMAIN_PATH" && eval "$_chk_renew_hook"
cd "$DOMAIN_PATH" && eval "\"$_chk_renew_hook\""
); then ); then
_err "Error when run renew hook." _err "Error when run renew hook."
return 1 return 1
@ -3375,7 +3380,7 @@ _regAccount() {
fi fi
_savecaconf "ACCOUNT_URL" "$_accUri" _savecaconf "ACCOUNT_URL" "$_accUri"
else else
ACCOUNT_URL="$(_readcaconf ACCOUNT_URL)"
ACCOUNT_URL="$(_readcaconf "ACCOUNT_URL")"
fi fi
export ACCOUNT_URL="$_accUri" export ACCOUNT_URL="$_accUri"
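Review bot: A hook that carries arguments will no longer run after the change to `eval "\"$_chk_pre_hook\""` in _on_before_issue (and the same post/renew edits in _on_issue_err and both _on_issue_success hunks), because the added quotes make eval look up the whole string as a single command name. The wrapping is also not escaping: `$(...)`, backticks or an embedded `"` in the value are still interpreted by eval. As the hook is a user-supplied command line, I would keep `eval "$_chk_pre_hook"` and document that paths containing spaces must be quoted inside the hook value itself. Separately, in _get the unchanged lines `_CURL="$_CURL --insecure "` and `_CURL="$_CURL --connect-timeout $t"` now assign to element 0 of the new array, so the command name becomes `curl --insecure `; they should read `_CURL+=(--insecure)` and `_CURL+=(--connect-timeout "$t")`, as already done in _post. All of these functions start and end outside the visible hunks.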
