Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[PR #4192/da49c096 backport][stable-4] passwordstore: Prevent using path as password #4218

Merged
merged 1 commit into from
Feb 17, 2022
Merged

[PR #4192/da49c096 backport][stable-4] passwordstore: Prevent using path as password #4218

merged 1 commit into from
Feb 17, 2022

Conversation

patchback[bot]
Copy link

@patchback patchback bot commented Feb 17, 2022

This is a backport of PR #4192 as merged into main (da49c09).

SUMMARY

Given a password stored in path/to/secret, requesting the password
path/to will literally return path/to. This can lead to using
weak passwords by accident/mess up logic in code, based on the
state of the password store.

This is worked around by applying the same logic pass uses:
If a password was returned, check if there is a .gpg file it could
have come from. If not, treat it as missing.

Fixes #4185

ISSUE TYPE
  • Bugfix Pull Request
COMPONENT NAME

passwordstore
plugins/lookup/passwordstore

ADDITIONAL INFORMATION

See:

@grembo @patchback
passwordstore: Prevent using path as password (#4192)
0af5493 
Given a password stored in _path/to/secret_, requesting the password
_path/to_ will literally return `path/to`. This can lead to using
weak passwords by accident/mess up logic in code, based on the
state of the password store.

This is worked around by applying the same logic `pass` uses:
If a password was returned, check if there is a .gpg file it could
have come from. If not, treat it as missing.

Fixes #4185

(cherry picked from commit da49c09)
@patchback patchback bot mentioned this pull request Feb 17, 2022
Merged
@ansibullbot ansibullbot added backport bug This issue/PR relates to a bug lookup lookup plugin needs_ci This PR requires CI testing to be performed. Please close and re-open this PR to trigger CI needs_revision This PR fails CI tests or a maintainer has requested a review/revision of the PR new_contributor Help guide this first time contributor plugins plugin (any type) labels Feb 17, 2022
@felixfontein felixfontein merged commit 271bafb into stable-4 Feb 17, 2022
@felixfontein felixfontein deleted the patchback/backports/stable-4/da49c0968d6056e7591a324ffab210ce85f9dde4/pr-4192 branch February 17, 2022 20:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
bug This issue/PR relates to a bug lookup lookup plugin needs_ci This PR requires CI testing to be performed. Please close and re-open this PR to trigger CI needs_revision This PR fails CI tests or a maintainer has requested a review/revision of the PR new_contributor Help guide this first time contributor plugins plugin (any type)
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@felixfontein @ansibullbot @grembo