vars_setup(): When sourcing 'vars' restrict PATH to './'

If '--vars=vars' is used, without specifying a path to 'vars', then sourcing 'vars' fails to find './vars'. POSIX '.' searches the PATH when the file-name does not contain a slash '/'. [man dot(1p)] Since EasyRSA expects the 'vars' file to be within the current working directory, setting 'PATH=./' forces '.' to search ONLY './'. Signed-off-by: Richard T Bonhomme <[email protected]>
OpenVPN · Sep 14, 2023 · 5a24fa7 · 5a24fa7
1 parent 4095e33
commit 5a24fa7
Showing 1 changed file with 8 additions and 3 deletions.
diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa
@@ -5788,16 +5788,21 @@ Remove 'unset' ('force_set_var' may also work)."
 		# Enable sourcing 'vars'
 		# shellcheck disable=SC2034 # appears unused
 		EASYRSA_CALLER=1
+		easyrsa_path="$PATH"
+		PATH=./
 
 		# Test sourcing 'vars' in a subshell
 		# shellcheck disable=1090 # can't follow .. vars
 		( . "$vars" ) || \
-			die "Failed to source the vars file."
+			die "Failed to dry-run the vars file."
 
 		# Source 'vars' now
 		# shellcheck disable=1090 # can't follow .. vars
-		. "$vars"
-		unset -v EASYRSA_CALLER
+		. "$vars" || \
+			die "Failed to source the vars file."
+
+		PATH="$easyrsa_path"
+		unset -v EASYRSA_CALLER easyrsa_path
 		verbose "vars_setup: sourced 'vars' OK"
 	fi