[PATCH] Use eval() to shell-parse $EDITOR for pass-edit

martin f. krafft madduck at madduck.net
Mon Aug 12 07:21:23 CEST 2019 

Enables shell-parsing of $EDITOR when executing its contents on
temporary files during `pass edit`.

Previously, trying to invoke e.g. vim with a set of commands, such as

```
vim -c 'set nostmp'
```

would result in `pass` calling

```
execve("/usr/bin/vim", ["vim", "-c", "'set", "nostmp'", "/dev/shm/pass.…"...], …
```

i.e. it would ignore quotes when splitting up the command line.

With this patch, the editor is properly called:

```
execve("/usr/bin/vim", ["vim", "-c", "set nostmp", "/dev/shm/pass.…"...], …
```

Signed-off-by: martin f. krafft <madduck at madduck.net>
---
 src/password-store.sh     |  2 +-
 tests/t0201-edit-tests.sh | 17 +++++++++++++++++
 2 files changed, 18 insertions(+), 1 deletion(-)
 create mode 100755 tests/t0201-edit-tests.sh

diff --git a/src/password-store.sh b/src/password-store.sh
index 1d119f2..46425f9 100755
--- a/src/password-store.sh
+++ b/src/password-store.sh
@@ -497,7 +497,7 @@ cmd_edit() {
 		$GPG -d -o "$tmp_file" "${GPG_OPTS[@]}" "$passfile" || exit 1
 		action="Edit"
 	fi
-	${EDITOR:-vi} "$tmp_file"
+	eval ${EDITOR:-vi} "$tmp_file"
 	[[ -f $tmp_file ]] || die "New password not saved."
 	$GPG -d -o - "${GPG_OPTS[@]}" "$passfile" 2>/dev/null | diff - "$tmp_file" &>/dev/null && die "Password unchanged."
 	while ! $GPG -e "${GPG_RECIPIENT_ARGS[@]}" -o "$passfile" "${GPG_OPTS[@]}" "$tmp_file"; do
diff --git a/tests/t0201-edit-tests.sh b/tests/t0201-edit-tests.sh
new file mode 100755
index 0000000..8f32881
--- /dev/null
+++ b/tests/t0201-edit-tests.sh
@@ -0,0 +1,17 @@
+#!/usr/bin/env bash
+
+test_description='Test edit with spaces in $EDITOR'
+cd "$(dirname "$0")"
+. ./setup.sh
+
+test_expect_success 'Test shell-parsing of $EDITOR' '
+	"$PASS" init $KEY1 &&
+	"$PASS" generate cred1 90 &&
+	export PASSWORD_WITH_SPACE="Password with space" &&
+	export EDITOR="sed -i -e \"1s,^.*\$,$PASSWORD_WITH_SPACE,\"" &&
+	"$PASS" edit cred1 2> /tmp/cred1 &&
+	"$PASS" show cred1 > /tmp/cred1 &&
+	[[ $("$PASS" show cred1) == "$PASSWORD_WITH_SPACE" ]]
+'
+
+test_done
-- 
2.23.0.rc1

More information about the Password-Store mailing list