From 50c9075ba8167e9209e20d6f092ceca0010fe7af Mon Sep 17 00:00:00 2001
From: Dirk Wetter <dirk@testssl.sh>
Date: Tue, 14 Jan 2020 20:41:08 +0100
Subject: [PATCH] Provide whitelist for $PWD

see #1445
---
 testssl.sh | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/testssl.sh b/testssl.sh
index 9d0cef4..585f6d3 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -17196,10 +17196,10 @@ EOF
 maketempf() {
      TEMPDIR=$(mktemp -d /tmp/testssl.XXXXXX)
      if [[ $? -ne 0 ]]; then
-          # for e.g. devices where we can't write to /tmp:
-          if [[ $PWD =~ \  ]]; then
-               # We can't allow this as we haven't quoted all strings depending on it, see #1445
-               fatal "\$PWD contains a blank: \"$PWD\"" $ERR_FCREATE
+          # For e.g. devices where we can't write to /tmp we chose $PWD but we can't
+          # allow every char as we haven't quoted all strings depending on it, see #1445
+          if [[ $PWD =~ ^[A-Za-z0-9\.,-/_]+$ ]]; then
+               fatal "\$PWD contains illegal chars: \"$PWD\"" $ERR_FCREATE
           fi
           TEMPDIR=$(mktemp -d "PWD/testssl.XXXXXX") || exit $ERR_FCREATE
      fi