mirror of https://github.com/digint/btrbk
btrbk: treat all filenames as unsafe
Axel Burri
parent
2933e65cbe
commit
27388c7589
12
btrbk
12
btrbk
|
|
@ -582,7 +582,7 @@ sub init_transaction_log($$)
|
|||
my $file = shift;
|
||||
my $config_syslog_facility = shift;
|
||||
if(defined($file) && (not $dryrun)) {
|
||||
if(open($tlog_fh, ">> $file")) {
|
||||
if(open($tlog_fh, '>>', $file)) {
|
||||
# print headers (disabled)
|
||||
# print_formatted("transaction", [ ], output_format => "tlog", outfile => $tlog_fh);
|
||||
INFO "Using transaction log: $file";
|
||||
|
|
@ -1753,7 +1753,7 @@ sub btrfs_send_to_file($$$;$$)
|
|||
# of slower random generation.
|
||||
my @gpg_options = ( '--batch', '--no-tty', '--no-random-seed-file', '--trust-model', 'always' );
|
||||
push @gpg_options, ( '--compress-algo', 'none' ) if($compress); # NOTE: if --compress-algo is not set, gpg might still compress according to OpenPGP standard.
|
||||
push(@gpg_options, ( '--no-default-keyring', '--keyring', $encrypt->{keyring} )) if($encrypt->{keyring});
|
||||
push(@gpg_options, ( '--no-default-keyring', '--keyring', { unsafe => $encrypt->{keyring} } )) if($encrypt->{keyring});
|
||||
push(@gpg_options, ( '--default-recipient', $encrypt->{recipient} )) if($encrypt->{recipient});
|
||||
push @cmd_pipe, {
|
||||
cmd => [ 'gpg', @gpg_options, '--encrypt' ],
|
||||
|
|
@ -1783,7 +1783,7 @@ sub btrfs_send_to_file($$$;$$)
|
|||
if($encrypt->{kdf_backend}) {
|
||||
WARN "Both openssl_keyfile and kdf_backend are configured, ignoring kdf_backend!";
|
||||
}
|
||||
$encrypt_key = '$(cat ' . $encrypt->{keyfile} . ')';
|
||||
$encrypt_key = '$(cat ' . quoteshell($encrypt->{keyfile}) . ')';
|
||||
}
|
||||
elsif($encrypt->{kdf_backend}) {
|
||||
if($encrypt->{kdf_keygen_each}) {
|
||||
|
|
@ -1801,7 +1801,7 @@ sub btrfs_send_to_file($$$;$$)
|
|||
my $key_target_text = $encrypt->{kdf_keygen_each} ? "\"$vol_received->{PRINT}\"" : "all raw backups";
|
||||
|
||||
print STDOUT "\nGenerate session key for $key_target_text:\n";
|
||||
my $kdf_values = run_cmd(cmd => [ $encrypt->{kdf_backend}, $encrypt->{kdf_keysize} ],
|
||||
my $kdf_values = run_cmd(cmd => [ { unsafe => $encrypt->{kdf_backend} }, $encrypt->{kdf_keysize} ],
|
||||
non_destructive => 1,
|
||||
name => $kdf_backend_name
|
||||
);
|
||||
|
|
@ -2947,7 +2947,7 @@ sub vinfo_rsh($;@)
|
|||
push(@ssh_options, '-p', $ssh_port) if($ssh_port);
|
||||
push(@ssh_options, '-c', $ssh_cipher_spec) if($ssh_cipher_spec ne "default");
|
||||
if($ssh_identity) {
|
||||
push(@ssh_options, '-i', $ssh_identity);
|
||||
push(@ssh_options, '-i', { unsafe => $ssh_identity });
|
||||
} else {
|
||||
WARN_ONCE "No SSH identity provided (option ssh_identity is not set) for: " . ($vinfo->{CONFIG}->{url} // $vinfo->{PRINT});
|
||||
}
|
||||
|
|
@ -6040,7 +6040,7 @@ MAIN:
|
|||
#
|
||||
$lockfile //= config_key($config, "lockfile");
|
||||
if(defined($lockfile) && (not $dryrun)) {
|
||||
unless(open(LOCKFILE, ">>$lockfile")) {
|
||||
unless(open(LOCKFILE, '>>', $lockfile)) {
|
||||
# NOTE: the lockfile is never deleted by design
|
||||
ERROR "Failed to open lock file '$lockfile': $!";
|
||||
exit 3;
|
||||
|
|
|
|||
Loading…
Reference in New Issue