From d325ced69c71c53d8c6aabe90538fe6671ad727e Mon Sep 17 00:00:00 2001
From: "google-labs-jules[bot]" <161369871+google-labs-jules[bot]@users.noreply.github.com>
Date: Tue, 6 Jan 2026 10:04:58 +0000
Subject: [PATCH] fix: quote shell variables in entrypoint to prevent word splitting and globbing

This change properly quotes variables in `copyables/entrypoint.sh` to prevent:
- Password truncation when passwords contain spaces.
- Accidental wildcard expansion if certificate/key variables contain glob characters.
- Word splitting of usernames and passwords.
---
 copyables/entrypoint.sh | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/copyables/entrypoint.sh b/copyables/entrypoint.sh
index 0d224a0..6f7a4d8 100644
--- a/copyables/entrypoint.sh
+++ b/copyables/entrypoint.sh
@@ -94,14 +94,14 @@ if [ ! -f $CONFIG ] || [ ! -s $CONFIG ]; then
 elif [[ "*${CERT}*" != "**" && "*${KEY}*" != "**" ]]; then
 # server cert/key pair specified via -e
- CERT=$(echo ${CERT} | sed -r 's/\-{5}[^\-]+\-{5}//g;s/[^A-Za-z0-9\+\/\=]//g;')
+ CERT=$(echo "${CERT}" | sed -r 's/\-{5}[^\-]+\-{5}//g;s/[^A-Za-z0-9\+\/\=]//g;')
 echo -----BEGIN CERTIFICATE----- >server.crt
- echo ${CERT} | fold -w 64 >>server.crt
+ echo "${CERT}" | fold -w 64 >>server.crt
 echo -----END CERTIFICATE----- >>server.crt
- KEY=$(echo ${KEY} | sed -r 's/\-{5}[^\-]+\-{5}//g;s/[^A-Za-z0-9\+\/\=]//g;')
+ KEY=$(echo "${KEY}" | sed -r 's/\-{5}[^\-]+\-{5}//g;s/[^A-Za-z0-9\+\/\=]//g;')
 echo -----BEGIN PRIVATE KEY----- >server.key
- echo ${KEY} | fold -w 64 >>server.key
+ echo "${KEY}" | fold -w 64 >>server.key
 echo -----END PRIVATE KEY----- >>server.key
 vpncmd_server ServerCertSet /LOADCERT:server.crt /LOADKEY:server.key
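Review bot: Quoting `${CERT}` and `${KEY}` in the two `echo ... | sed -r` assignments also stops the shell from joining a multi-line PEM value into a single line, which the old unquoted form did as a side effect. sed now works line by line, so a BEGIN line passed in the variable is reduced to an empty line that ends up directly under the header written to server.crt and server.key, and `fold -w 64` no longer rewraps across the original line breaks; whether the loader behind `ServerCertSet` tolerates that is not visible here. Appending `| tr -d '\n'` after the sed command in both assignments restores the single base64 run without bringing back word splitting or globbing. Separately, server.key is created with whatever umask the entrypoint inherits, so a `umask 077` before the first `>server.key` would keep the private key from being readable by other users in the container. The enclosing `if`/`elif` block starts and ends outside the hunk.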
@@ -142,11 +142,11 @@ if [ ! -f $CONFIG ] || [ ! -s $CONFIG ]; then
 for i in "${USER[@]}"; do
 IFS=':' read username password <<<"$i"
 # echo "Creating user: ${username}"
- adduser $username $password
+ adduser "$username" "$password"
 done
 done <<<"$USERS"
 else
- adduser $USERNAME $PASSWORD
+ adduser "$USERNAME" "$PASSWORD"
 fi
 echo
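Review bot: The context line `IFS=':' read username password <<<"$i"` still calls `read` without `-r`, so a backslash in a password is consumed before the newly quoted `adduser "$username" "$password"` receives it. `IFS=':' read -r username password <<<"$i"` keeps the value byte-for-byte, which serves the same goal as the quoting added here. `adduser` is defined outside this hunk, so it is worth confirming that its body quotes its own positional parameters; if it does not, the word splitting simply moves one call deeper. The loops and the surrounding `if` start outside the hunk.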