From e04f6866513d8d17d7004bceaca36060979f1ce3 Mon Sep 17 00:00:00 2001
From: Jeremy Lecour
Date: Tue, 5 May 2020 23:20:36 +0200
Subject: [PATCH] Prevent use of uninitialized variables
---
 CHANGELOG.md | 1 +
 shellpki | 8 ++++++--
 2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5482f91..3d07cec 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -26,6 +26,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 * Extract variables for files
 * Use inline pass phrase arguments
 * Remove "set -e" and add many return code checks
+* Prevent use of uninitialized variables
 ### Deprecated
diff --git a/shellpki b/shellpki
index 5803daf..e409bc2 100755
--- a/shellpki
+++ b/shellpki
@@ -3,6 +3,8 @@
 # shellpki is a wrapper around OpenSSL to manage a small PKI
 #
+set -u
+
 VERSION="1.0.0"
 show_version() {
@@ -225,7 +227,7 @@ ask_ca_password() {
 if [ "${attempt}" -ge "${max_attempts}" ]; then
 error "Maximum number of attempts reached (${max_attempts})."
 fi
- if [ -z "${CA_PASSWORD}" ]; then
+ if [ -z "${CA_PASSWORD:-}" ]; then
 if [ "${non_interactive}" -eq 1 ]; then
 error "In non-interactive mode, you must pass CA_PASSWORD as environment variable"
 fi
@@ -235,7 +237,7 @@ ask_ca_password() {
 stty echo
 printf "\n"
 fi
- if [ -z "${CA_PASSWORD}" ] || ! verify_ca_password; then
+ if [ -z "${CA_PASSWORD:-}" ] || ! verify_ca_password; then
 unset CA_PASSWORD
 attempt=$(( attempt + 1 ))
 ask_ca_password "${attempt}"
@@ -259,6 +261,8 @@ create() {
 from_csr=0
 ask_pass=0
 non_interactive=0
+ days=""
+ end_date=""
 # Parse options
 # based on https://gist.github.com/deshion/10d3cb5f88a21671e17a
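Review bot: The `set -u` added at the top of shellpki carries no comment, although it changes the rule for every later expansion in the script: an unset variable now terminates the run instead of expanding to an empty string. I would put `# Abort on expansion of an unset variable; read optional environment inputs as "${VAR:-}"` directly above it, so that later changes follow the same pattern this commit applies to CA_PASSWORD.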
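Review bot: `"${non_interactive}"` in the `@@ -225,7 +227,7 @@` hunk is still expanded without a default, while the only assignment visible in this patch is `non_interactive=0` inside create(). With `set -u` now active, any path that reaches ask_ca_password without that assignment would terminate on this test; whether such a caller exists cannot be seen from here, since the function begins and ends outside the hunk. Writing the test as `if [ "${non_interactive:-0}" -eq 1 ]; then` keeps the password prompt working either way.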
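Review bot: A CA_PASSWORD that is set but fails verify_ca_password in non-interactive mode ends up reported as missing, through the retry branch in the `@@ -235,7 +237,7 @@` hunk. That branch unsets the variable and recurses, and the recursion then takes the `-z` branch of the earlier hunk and prints "you must pass CA_PASSWORD as environment variable" (assuming error exits). A guard placed before `unset CA_PASSWORD`, such as `[ "${non_interactive:-0}" -eq 1 ] && [ -n "${CA_PASSWORD:-}" ] && error "CA_PASSWORD was rejected by verify_ca_password"`, would separate a wrong passphrase from a missing one in unattended runs. The function body continues outside the hunk.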