Provide whitelist for $PWD

see #1445
2025-01-03 23:39:45 +01:00 · 2020-01-14 20:41:08 +01:00 · 2020-01-14 20:41:08 +01:00 · 50c9075ba8
commit 50c9075ba8
parent f0f8f3a318
1 changed files with 4 additions and 4 deletions
--- a/testssl.sh
+++ b/testssl.sh
@ -17196,10 +17196,10 @@ EOF
 maketempf() {
     TEMPDIR=$(mktemp -d /tmp/testssl.XXXXXX)
     if [[ $? -ne 0 ]]; then
-          # for e.g. devices where we can't write to /tmp:
-          if [[ $PWD =~ \  ]]; then
-               # We can't allow this as we haven't quoted all strings depending on it, see #1445
-               fatal "\$PWD contains a blank: \"$PWD\"" $ERR_FCREATE
+          # For e.g. devices where we can't write to /tmp we chose $PWD but we can't
+          # allow every char as we haven't quoted all strings depending on it, see #1445
+          if [[ $PWD =~ ^[A-Za-z0-9\.,-/_]+$ ]]; then
+               fatal "\$PWD contains illegal chars: \"$PWD\"" $ERR_FCREATE
          fi
          TEMPDIR=$(mktemp -d "PWD/testssl.XXXXXX") || exit $ERR_FCREATE
     fi