|
 Home
|
|
|
PR Database Search
|
From kuebart@mathematik.uni-ulm.de Sat Feb 19 17:29:39 2005
Return-Path: <kuebart@mathematik.uni-ulm.de>
Received: from mout2.freenet.de (mout2.freenet.de [194.97.50.155])
by narn.netbsd.org (Postfix) with ESMTP id 6E78E63B844
for <gnats-bugs@gnats.NetBSD.org>; Sat, 19 Feb 2005 17:29:38 +0000 (UTC)
Message-Id: <E1D2YQA-0000M2-T7@jaja>
Date: Sat, 19 Feb 2005 18:29:34 +0100
From: Joachim Kuebart <kuebart@mathematik.uni-ulm.de>
Reply-To: kuebart@mathematik.uni-ulm.de
To: gnats-bugs@netbsd.org
Subject: pppoectl's config file does not allow number sign in passwords
X-Send-Pr-Version: 3.95
>Number: 29457
>Category: bin
>Synopsis: pppoectl's config file does not allow number sign in passwords
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: bin-bug-people
>State: closed
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sat Feb 19 17:30:01 +0000 2005
>Closed-Date: Sat Feb 19 18:26:50 +0000 2005
>Last-Modified: Sat Feb 19 18:27:01 +0000 2005
>Originator: Joachim Kuebart
>Release: NetBSD 2.0B
>Organization:
>Environment:
System: NetBSD jaja 2.0B NetBSD 2.0B (ALPHA-$Revision: 1.191 $) #5: Mon Feb 14 19:54:33 CET 2005 joki@jaja:/usr/obj/usr/src/sys/arch/alpha/compile/JAJA alpha
Architecture: alpha
Machine: alpha
pppoectl.8:
$NetBSD: pppoectl.8,v 1.23 2003/10/02 07:07:48 wiz Exp $
pppoectl.c:
$NetBSD: pppoectl.c,v 1.16 2004/09/01 19:38:09 jdolecek Exp $
>Description:
The pppoectl program has an -f switch to specify a file name in
which configuration information is kept. This file is processed
with fparseln(3) and therefore supports features supplied by this
function, viz. comments starting with `#'.
Unfortunately, this feature prevents the user from using the `#'
character as part of their authentication information.
Incidentally, one major ISP in Germany requires `#' signs in user
names.
>How-To-Repeat:
Use a "config" file with the line
myauthname=a#b
After ppppoectl -f config pppoe0, pppoectl pppoe0 will show
myauthname=a
Everything after the number sign is lost (likewise for passwords).
>Fix:
To enable escaping the comment character, pass an appropriate flag
to fparseln(3). I think FPARSELN_UNESCALL is the correct flag value
to use, since every other flag value prevents certain character
sequences from being passed in.
The example above can now be entered thusly:
myauthname=a\#b
while comments are sill supported.
I suggest the following fix:
Index: pppoectl.c
===================================================================
RCS file: /cvsroot/src/sbin/pppoectl/pppoectl.c,v
retrieving revision 1.16
diff -u -p -r1.16 pppoectl.c
--- pppoectl.c 1 Sep 2004 19:38:09 -0000 1.16
+++ pppoectl.c 19 Feb 2005 17:30:15 -0000
@@ -296,7 +296,8 @@ main(int argc, char **argv)
/* first load the config file, then parse command line args */
if (configname && (fp = fopen(configname, "r")))
- while ((line = fparseln(fp, NULL, NULL, NULL, 0)))
+ while ((line = fparseln(fp, NULL, NULL, NULL,
+ FPARSELN_UNESCALL)))
pppoectl_argument(line);
while (argc > 0) {
Index: pppoectl.8
===================================================================
RCS file: /cvsroot/src/sbin/pppoectl/pppoectl.8,v
retrieving revision 1.23
diff -u -p -r1.23 pppoectl.8
--- pppoectl.8 2 Oct 2003 07:07:48 -0000 1.23
+++ pppoectl.8 19 Feb 2005 17:30:14 -0000
@@ -90,10 +90,12 @@ This is only available if DNS query is e
.It Fl f
parse
.Ar config-file
-ignoring lines starting with a # for
+for
.Ar parameter Ns Op \&= Ns Ar value
pairs, one per line, as if they had been specified on the command line.
This allows the password to be not passed as a command line argument.
+Unless escaped by \e, comments starting with # to the end of the current line
+are ignored.
.El
.Pp
Typically, not both the access concentrator name and the service name are
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed
State-Changed-By: christos@netbsd.org
State-Changed-When: Sat, 19 Feb 2005 13:26:50 -0500
State-Changed-Why:
fixed, thanks
From: Christos Zoulas <christos@netbsd.org>
To: gnats-bugs@netbsd.org
Cc:
Subject: PR/29457 CVS commit: src/sbin/pppoectl
Date: Sat, 19 Feb 2005 18:26:09 +0000 (UTC)
Module Name: src
Committed By: christos
Date: Sat Feb 19 18:26:09 UTC 2005
Modified Files:
src/sbin/pppoectl: pppoectl.8 pppoectl.c
Log Message:
PR/29457: Joachim Kuebart: pppoectl's config file does not allow # in passwords
Fixed, by passing FPARSELN_UNESCALL in parsing.
To generate a diff of this commit:
cvs rdiff -r1.23 -r1.24 src/sbin/pppoectl/pppoectl.8
cvs rdiff -r1.16 -r1.17 src/sbin/pppoectl/pppoectl.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
>Unformatted:
|
|