From 233c6e49450afe330d82d06d871eba0722b5e07d Mon Sep 17 00:00:00 2001
From: Daniel Berteaud
Date: Mon, 25 Jan 2016 16:11:24 +0100
Subject: [PATCH] Add some sanity check to args passed to hook handler
---
 .../hooks_clean_challenge.d/10smeserver.sh | 2 +-
 .../letsencrypt.sh/hooks_deploy_cert.d/10smeserver.sh | 19 +++++++++++++++++++
 2 files changed, 20 insertions(+), 1 deletion(-)
diff --git a/root/etc/letsencrypt.sh/hooks_clean_challenge.d/10smeserver.sh b/root/etc/letsencrypt.sh/hooks_clean_challenge.d/10smeserver.sh
index 337f46b..e5c9b1c 100644
--- a/root/etc/letsencrypt.sh/hooks_clean_challenge.d/10smeserver.sh
+++ b/root/etc/letsencrypt.sh/hooks_clean_challenge.d/10smeserver.sh
@@ -1,7 +1,7 @@
 #!/bin/sh
 ALTNAME=${1}
-if [[ "$ALTNAME" == "" ]]; then
+if [[ -z $ALTNAME ]]; then
 echo "Error while creating or renewing letsencrypt certificate" | mail -s "Letsencrypt error" admin
 fi
diff --git a/root/etc/letsencrypt.sh/hooks_deploy_cert.d/10smeserver.sh b/root/etc/letsencrypt.sh/hooks_deploy_cert.d/10smeserver.sh
index 2974e34..269b1a9 100644
--- a/root/etc/letsencrypt.sh/hooks_deploy_cert.d/10smeserver.sh
+++ b/root/etc/letsencrypt.sh/hooks_deploy_cert.d/10smeserver.sh
@@ -5,6 +5,25 @@ DOM=${1}
 KEY=${2}
 CRT=${3}
 CHAIN=${4}
+
+if [ -z $DOM -o -z $KEY -o -z $CRT -o -z $CHAIN ]; then
+ echo "Usage: $0 domain /path/to/key /path/to/cert /path/to/chain" >&2
+ exit 1
+fi
+
+if [ \! -e "$KEY" ]; then
+ echo "Can't use $KEY as key (file doesn't exist)" >&2
+ exit 1
+fi
+if [ \! -e "$CRT" ]; then
+ echo "Can't use $CRT as certificate (file doesn't exist)" >&2
+ exit 1
+fi
+if [ \! -e "$CHAIN" ]; then
+ echo "Can't use $chain as certificate chain (file doesn't exist)" >&2
+ exit 1
+fi
+
 /sbin/e-smith/db configuration setprop modSSL key $KEY crt $CRT CertificateChainFile $CHAIN
 # There's a new ssl-udpate event which update everything in a single event
 # fallback to manual operations if this event doesn't exist
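Review bot: `[[ ... ]]` in hooks_clean_challenge.d/10smeserver.sh is a bash construct, but the script's shebang is `#!/bin/sh`. Where `/bin/sh` is not bash, the test fails as an unknown command, the branch is skipped and the error mail is never sent. The POSIX form `if [ -z "$ALTNAME" ]; then` behaves the same and matches the `[ ... ]` style the deploy hook uses in this same commit.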
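Review bot: The first added test in hooks_deploy_cert.d/10smeserver.sh expands `$DOM`, `$KEY`, `$CRT` and `$CHAIN` unquoted inside `[ ... -o ... ]`, so an empty argument simply disappears from the expression. `[` can then report a syntax error rather than take the usage branch, which is exactly the case the check is meant to catch; `if [ -z "$DOM" ] || [ -z "$KEY" ] || [ -z "$CRT" ] || [ -z "$CHAIN" ]; then` avoids both the word splitting and the ambiguous `-o`. The last error message prints `$chain`, which is never set in the visible lines, so it should read `echo "Can't use $CHAIN as certificate chain (file doesn't exist)" >&2`. `-e` is also true for a directory; if these are meant to be regular readable files, `-f` or `-r` would be the tighter check before the paths are written to the modSSL properties. The script continues past the end of the hunk.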