Project

General

Profile

Actions

Bug #16128

open

if_pppoe: PHP password handling

Added by Kristof Provost 29 days ago. Updated 2 days ago.

Status:
Confirmed
Priority:
Normal
Assignee:
-
Category:
PPP Interfaces
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Default
Affected Version:
Affected Architecture:

Description

A user reports (https://forum.netgate.com/topic/197026/25-03-b-20250306-0140-if_pppoe-kernel-module-chap-failure/10 ) that a leading space in a password used to be ignored as it was written to the mpd5 configuration file without quotes around it.
That's not the case with if_pppoe, so it's considered part of the password.

The if_pppoe behaviour is probably what we want, but we ought to at least document this for TAC.

We should also check if we're correctly handling passwords with symbols such as ", ', \, ... in them here: https://gitlab.netgate.com/pfSense/pfSense/-/blob/master/src/etc/inc/interfaces.inc?ref_type=heads#L2311

Actions #1

Updated by Bill Meeks 29 days ago

Just a thought -- but it would potentially be helpful if password validation logic would check for leading or trailing spaces in entered passwords and warn the user when saving by displaying the standard pfSense warning message at the top of the page. Make it a warning and not a fail, so the user can proceed with the space(s) if desired. Unintended spaces in passwords have been the source of several mysterious problems <grin>.

Actions #2

Updated by Kris Phillips 2 days ago

  • Status changed from New to Confirmed

Marking as Confirmed for now, since this is a known difference in behavior.

Actions

Also available in: Atom PDF